HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
B Interoperability
This appendix contains information about using HP-UX IPSec with other IPsec
implementations. It contains the following sections:
• “Microsoft”
• “Linux”
• “FreeBSD”
• “Cisco”
Microsoft
HP-UX IPSec can interoperate with Microsoft IPsec implementations.
Versions and Functionalities
HP-UX IPSec A.03.02.02 has been successfully tested with the following Microsoft products and
functionalities:
Windows 2008 Server R2 and Windows 7
• IKEv1 using preshared key authentication for end-to-end transport IPsec SAs for all ports
and protocols with compatible crypto transforms only.
HP-UX IPSec A.03.00 has been successfully tested with the following Microsoft products and
functionalities:
Windows XP SP2
• IKEv1 using preshared key authentication for end-to-end transport IPsec SAs for all ports
and protocols
• IKEv1 using RSA signatures (certificates) authentication for end-to-end transport IPsec SAs
for all ports and protocols
• IKEv1 using RSA signatures with multiple-level CAs for end-to-end transport IPsec SAs for
all ports and protocols
Windows Vista
• IKEv1 using preshared key authentication for end-to-end transport IPsec SAs for all ports
and protocols
Windows 2008 Server
• IKEv1 using preshared key authentication for host-to-host transport IPsec SAs for all ports
and protocols
• IKEv1 using preshared key authentication for host-to-host transport IPsec SAs for only
inbound telnet service on the Windows server
Tips
The following tips might help you configure HP-UX IPSec and Microsoft IPsec implementations:
• The default IKEv1 authentication method on Microsoft systems is Kerberos. You must change
the IKE authentication method to Computer Certificate (RSA signatures) or preshared key.
• The default IKEv1 hash algorithm on Microsoft systems is SHA-1. On HP-UX systems, the default
IKEv1 hash algorithm is MD5. You must change the hash algorithm to match the peer.
• When using RSA signatures for IKE authentication, Microsoft systems use X.500 Distinguished
Name as the ID type by default.
• If you are using the IPsec Policy Management Microsoft Management Control (MMC) snap-in
(used with Windows XP and Windows 2003, and provided for compatibility on Windows
2008 and Vista) and configuring host-to-host IPsec security, configure one rule and set the
Mirror field to yes. Specify the HP-UX system address as the destination address.
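The default mismatches named in the tips (IKE authentication method and hash algorithm) stop IKEv1 phase 1 from completing, because a responder accepts an offered transform only when every attribute equals one of its own. The following is an added example, not code from HP or from this guide, that models that matching and reports which attributes still differ. The encryption algorithm, the Diffie-Hellman group and the preshared-key value on the HP-UX side are constructed sample values, not defaults stated here.

```python
from typing import List, NamedTuple, Optional

class Transform(NamedTuple):
    encryption: str   # constructed sample value, same on both peers
    hash_alg: str     # "md5" or "sha1"
    auth_method: str  # "kerberos", "psk" or "rsa-sig"
    dh_group: int     # constructed sample value, same on both peers

def select_transform(offered: List[Transform],
                     acceptable: List[Transform]) -> Optional[Transform]:
    """Responder logic: accept the first offered transform that equals one of
    the local transforms on every attribute; None means no proposal chosen."""
    for t in offered:
        if t in acceptable:
            return t
    return None

def closest_mismatch(offered: List[Transform],
                     acceptable: List[Transform]) -> List[str]:
    """Troubleshooting aid: attribute names that differ in the nearest pair."""
    best: Optional[List[str]] = None
    for o in offered:
        for a in acceptable:
            diff = [f for f in Transform._fields if getattr(o, f) != getattr(a, f)]
            if best is None or len(diff) < len(best):
                best = diff
    return best or []

# Defaults named in the tips: Windows uses Kerberos and SHA-1, HP-UX uses MD5.
# "psk" on the HP-UX side, "3des" and group 2 are assumptions for illustration.
WINDOWS_DEFAULT = [Transform("3des", "sha1", "kerberos", 2)]
HPUX_DEFAULT = [Transform("3des", "md5", "psk", 2)]
# After applying the tips: preshared key on Windows, SHA-1 on HP-UX.
WINDOWS_TUNED = [Transform("3des", "sha1", "psk", 2)]
HPUX_TUNED = [Transform("3des", "sha1", "psk", 2)]

if __name__ == "__main__":
    for label, win, hpux in (("defaults", WINDOWS_DEFAULT, HPUX_DEFAULT),
                             ("auth fixed only", WINDOWS_TUNED, HPUX_DEFAULT),
                             ("both fixed", WINDOWS_TUNED, HPUX_TUNED)):
        chosen = select_transform(win, hpux)
        print(label, "->", chosen or f"no match, differs on {closest_mismatch(win, hpux)}")
```

Changing only the authentication method still leaves the hash algorithm mismatch, so both tips have to be applied before a transform is selected.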