Manualshelf

HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
171172173174175176177178179180
C Migrating from Previous Versions of HP-UX IPSec
This appendix provides information on migrating to the current version of HP-UX IPSec from previous
versions. This appendix contains the following sections:
“Pre-Installation Migration Instructions” (page 179)
“Post-Installation Migration Instructions” (page 179)
DES Compatibility
HP-UX IPSec version A.03.0x does not support DES encryption. The migration utility replaces DES
encryption in existing IKE, host, and tunnel policies with the default encryption algorithm for the
policy type. If you are using DES encryption, you must modify the configuration on all peers to use
alternate encryption algorithms.
NOTE: RFC 4772 deprecates DES. DES is susceptible to brute-force attacks.
Pre-Installation Migration Instructions
Before installing HP-UX IPSec version A.03.0x, verify that your installation meets the following
conditions:
Your current HP-UX IPSec version is A.02.01 or A.02.01.01. If not, you must upgrade to
HP-UX A.02.01 or A.02.01.01 first. see the HP-UX IPSec A.02.01 Administrator's Guide
(J4256-90015) for information on migrating from previous versions to A.02.01 or A.02.01.01.
HP-UX IPSec is not running. Enter the following command to stop HP-UX IPSec:
ipsec_admin -stop
Post-Installation Migration Instructions
The following sections describe migration procedures to perform after you have installed HP-UX
IPSec A.03.0x.
Profile File
The default location for the HP-UX IPSec profile file is /var/adm/ipsec/.ipsec_profile. If
this file exists when you install HP-UX IPSec A.03.0x, the installation script installs the A.03.0x
profile file under the file name /var/adm/ipsec/.ipsec_profile.blank. When you run
the ipsec_migrate utility, ipsec_migrate saves the existing /var/adm/ipsec/
.ipsec_profile file in the /var/adm/ipsec/backup directory before moving the /var/
adm/ipsec/.ipsec_profile.blank file to /var/adm/ipsec/.ipsec_profile.
If you use customized settings in your profile file, edit the /var/adm/ipsec/
.ipsec_profile.blank file with your customized settings before running ipsec_migrate.
Configuration Database
To migrate an HP-UX IPSec A.02.01 policy configuration database, use the following procedure.
DES Compatibility 179