HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

171

172

173

174

175

176

177

178

179

180

my_public_key x509pem "${CERTDIR}/${MY_PUB_KEY}" "${CERTDIR}/${MY_PRI_KEY}";

peers_public_key x509pem "${CERTDIR}/${PEERS_PUB_KEY}" "";

};

selector_index ike_trans_sel_in; };

vals.conf File

The relevant sections of the vals.conf file are as follows:

## /usr/local/racoon2/etc/racoon2/vals.conf

setval {

CERTDIR "/usr/local/racoon2/etc/racoon2/cert";

# Your Private Key file name

MY_PUB_KEY "myPubKey.pem";

# Your Private Key file name

MY_PRI_KEY "myPvtKey.pem";

# Peer's Public Key file name

# (certificate file)

PEERS_PUB_KEY "hpuxPeerPubKey.pem";

### Transport Mode Settings ###

# Your IP Address

MY_IPADDRESS "10.0.0.64";

# Peer's IP Address

PEERS_IPADDRESS "10.0.0.11";

};

default.conf File

The default.conf file installed with Racoon2 is used without modifications.

Configuration Example: IKEv2 Using Preshared Keys

The following configuration data is for an IKEv2 topology using preshared keys for end-to-end

IPsec SAs.

The address for the Free BSD 6.3 system is 10.0.0.65. The address for the HP-UX system is

10.0.0.11.

HP-UX IPSec Configuration

The ipsec_config batch file contains the following entries:

add host Bsd65 \

-src 10.0.0.11 -dst 10.0.0.65 -protocol all \

-action ESP_AES128_HMAC_SHA1

add ikev2 Bsd65 -rem 10.0.0.65 \

-group 2 -hash sha1 -enc 3des

add auth Bsd63Psk -rem 10.0.0.65 \

-kmp IKEV2 -psk myKey65

174 Interoperability