Manualshelf

HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
11121314151617181920
About this document
This document describes how to install, configure, and troubleshoot HP-UX IPSec.
The latest version of this document are available at HP-UX IPSec Software.
Intended audience
This document is intended for system and network administrators responsible for installing,
configuring, and managing HP-UX IPSec. Administrators are expected to have knowledge of HP-UX
and networking concepts, commands, and configuration.
This document is not a tutorial.
New and changed features in A.03.02.02
HP-UX-IP Sec A.03.02.02 release adheres with RFC4868 to support HMAC-SHA-256,
HMAC-SHA-384, and HMAC-SHA-512 both for IKE and ESP (Encapsulating Security Payload). It
also supports the new encryption algorithms AES-CBC-192, AES-CBC-256 besides the currently
supported AES-CBC-128 transforms that exist in A.03.01.01 version (RFC3602).
HP-UX IPSec A.03.02.02 has a dependency on PHNE_43412 patch.
The A.03.02.02 release of HP-UX IPSec introduces the following changes:
IKE new algorithms support
With HP-UX IPSec A.03.02.02 the following IKE transforms are supported in addition to the currently
supported transforms in A.03.01.01 version.
IKEv1
Authentication Algorithms: SHA2-256, SHA2-384, and SHA2-512.
Encryption Algorithms: AES192-CBC and AES256-CBC.
IKEv2
Authentication Algorithms: HMAC-SHA2-256, HMAC-SHA2-384, and HMAC-SHA2-512.
Encryption Algorithms: AES192-CBC, AES256-CBC.
ESP new algorithm support
HP-UX IPSec A.03.02.02 version supports the following ESP transforms in addition to the currently
supported transforms in A.03.01.01 version.
ESP
Authentication Algorithms: HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
Encryption Algorithms: AES-CBC-192, AES-CBC-256
Changes to Ipsec_config
Ipsec_config command is enhanced to support and configure the newly introduced IKE and ESP
algorithms.
Changes to Ipsec_report
Ipsec_report command is enhanced to display the associations formed with newly introduced
transforms for both Phase1 and Phase2.
Intended audience 17