HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
Example: Windows does not support HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 in
Phase2 as Authentication algorithm , whereas HP-UX IPSec provides the flexibility of choosing this
combination. The only compatible combination is SHA1 and MD5.
Compatible suite for Windows 7/2008 R2 to interoperate with HP-UX IPSec A.03.02.02
Phase 1: (IKEV1 only)
nl
Auth : MD5, SHA1, SHA-256, SHA-384.
nl
Encryption : 3DES, AES-CBC-128, AES-CBC-192, AES-CBC-256
nl
DH group : 1,2,14.
nl
Phase 2:
nl
Encryption : 3DES, AES-CBC-128, AES-CBC-192, AES-CBC-256
nl
Authentication : MD5, SHA1.
Linux
HP-UX IPSec can interoperate with Linux IPsec.
Interoperability with Linux
Though Linux has different implementations of IPSec like OpenSwan, Strongswan etc, we chose
Strongswan over OpenSwan as it is more mature and most of the algorithms and transforms
combinations are supported.
The current release of A.03.02.02 has been successfully tested for Interoperability with Linux
Strongswan 5.0.1 on Linux Kernel K3.5.0-17-generic.
Following is the Interoperability cipher combinations that have been tested.
IKEv1 test results with all possible combination of algorithms with Strongswan
• Test 1: IKEv1 with DH group2 and Phase 2 transform: ESP_AES256_HMAC_SHA2_512
SHA2 — 512SHA2 — 384SHA2 — 256SHA 1MD 5ENC/AUTH
3DES
AES
128–CBC
AES
192–CBC
AES
256–CBC
• Test 2 : IKEv1 with DH group24 and Phase 2 transform : ESP_AES256_HMAC_SHA2_512
SHA2 — 512SHA2 — 384SHA2 — 256SHA 1MD 5ENC/AUTH
3DES
AES
128–CBC
AES
192–CBC
AES
256–CBC
Linux 167