HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
default.conf File
The default.conf file installed with Racoon2 is used without modifications.
test.psk File
The /usr/local/racoon2/etc/racoon2/psk/test.psk key file contains the ASCII
preshared key value:
myKey65
Tips
The following tips might help you configure HP-UX IPSec and FreeBSD IPsec implementations:
• The IKEv1 SA lifetime must match on both systems. On Racoon2 IPsec implementations, the
IKEv1 SA lifetime is 300 seconds.
• The FreeBSD Racoon2 IPsec implementation does not support the IKEv2 CERTREQ payload.
You cannot use IKEv2 with RSA signatures when negotiating with FreeBSD systems using
Racoon2.
Cisco
HP-UX IPSec can interoperate with Cisco IOS IPsec implementations.
Version and Functionality
HP-UX IPSec has been successfully tested with the following Cisco product: Model 2821, version
12.4.
The following functionality was tested:
• IKEv1 using preshared key authentication for a host-to-gateway tunnel (HP-UX Host1 to the
Cisco router), with end-to-end clear text
Example
In the following topology, the HP-UX system with address 192.0.0.2 creates an IPsec tunnel to the
Cisco router with address 192.0.0.1. The HP-UX system uses the tunnel to communicate with the
host 192.1.1.2.
Figure 18 End to Gateway Tunnel with Cisco Router
HP-UX IPSec Configuration
The HP-UX IPSec configuration on Host1 is as follows:
# ipsec_config add host hpux-2 -action pass \
    -src 192.0.0.2 -dst 192.1.1.2 \
    -tunnel cisco-tunnel
# ipsec_config add tunnel cisco-tunnel \
    -tsrc 192.0.0.2 -tdst 192.0.0.1 \
    -src 192.0.0.2 -dst 192.1.1.2 \
    -action ESP_AES128_HMAC_SHA1
# ipsec_config add auth cisco -remote 192.0.0.1 \
    -psk myKey
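The following is an added example, not part of the HP guide or of the HP-UX IPSec tools: a Python check that the three records cross-reference each other the way the Host1 configuration does (the host policy names a defined tunnel, both carry the same end addresses, and an auth record exists for the tunnel's -tdst peer). The function names and the exact-match address comparison are assumptions of this example.

```python
import shlex

# Constructed sample: the three Host1 commands shown above, without the root prompt.
SAMPLE = r"""
ipsec_config add host hpux-2 -action pass \
    -src 192.0.0.2 -dst 192.1.1.2 \
    -tunnel cisco-tunnel
ipsec_config add tunnel cisco-tunnel \
    -tsrc 192.0.0.2 -tdst 192.0.0.1 \
    -src 192.0.0.2 -dst 192.1.1.2 \
    -action ESP_AES128_HMAC_SHA1
ipsec_config add auth cisco -remote 192.0.0.1 \
    -psk myKey
"""

def parse(text):
    """Return {record_type: {name: {option: value}}} for 'ipsec_config add' lines."""
    records = {}
    joined = text.replace("\\\n", " ")          # fold shell line continuations
    for line in joined.splitlines():
        words = shlex.split(line.lstrip("# "))  # tolerate a leading root prompt
        if words[:2] != ["ipsec_config", "add"] or len(words) < 4:
            continue
        rtype, name, rest = words[2], words[3], words[4:]
        # Every option used in this example is a '-flag value' pair.
        records.setdefault(rtype, {})[name] = dict(zip(rest[0::2], rest[1::2]))
    return records

def check(records):
    """Return a list of cross-reference problems between host, tunnel and auth records."""
    problems = []
    tunnels = records.get("tunnel", {})
    remotes = {a.get("-remote") for a in records.get("auth", {}).values()}
    for name, host in records.get("host", {}).items():
        tname = host.get("-tunnel")
        if tname is None:
            continue                             # host policy does not use a tunnel
        tun = tunnels.get(tname)
        if tun is None:
            problems.append(f"host {name}: tunnel {tname} is not defined")
            continue
        for opt in ("-src", "-dst"):             # assumption: exact match, as in the example
            if host.get(opt) != tun.get(opt):
                problems.append(f"host {name}: {opt} differs from tunnel {tname}")
        if tun.get("-tdst") not in remotes:
            problems.append(f"tunnel {tname}: no auth record for peer {tun.get('-tdst')}")
    return problems
```

Calling check(parse(SAMPLE)) returns an empty list for the configuration above; each string in a non-empty result names the record that needs correcting before the tunnel is tested against the router.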