HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
There are two package clients:
• Client1 (15.4.4.4)
• Client2 (15.5.5.5)
HP-UX IPSec secures the traffic between the clients and the package addresses.
The local ID used by the cluster nodes is the FQDN mycluster.hp.com.
The local IDs used by the clients are their IP addresses.
Authentication Records on Cluster Nodes
On each cluster node, the ipsec_config batch file contains the following entries:
add auth client1 -remote 15.4.4.4 -kmp IKEV1 \
  -ltype FQDN -lid mycluster.hp.com \
  -rtype IPV4 -rid 15.4.4.4 \
  -psk my_client1_key
add auth client2 -remote 15.5.5.5 -kmp IKEV1 \
  -ltype FQDN -lid mycluster.hp.com \
  -rtype IPV4 -rid 15.5.5.5 \
  -psk my_client2_key
add auth client1 -remote 15.4.4.4 -ltype IPV4 -lid 15.1.1.1
add auth client2 -remote 15.5.5.5 -ltype IPV4 -lid 15.1.1.1
If the cluster clients were multihomed, you would also add entries for the additional addresses on
the cluster clients, and specify local ID type and local ID value arguments.
Authentication Records on Client1
On client1, the ipsec_config batch file contains the following entries. The authentication
records use the default local ID type (IPV4) and the default local ID value (the IP address of the
interface used to communicate with the remote system). If the cluster client were multihomed, you
would add entries for the additional addresses on the cluster client, and specify local ID type and
local ID value arguments.
add auth pkgA -remote 15.98.98.98 -kmp IKEV1 \
  -rtype FQDN -rid mycluster.hp.com \
  -psk my_client1_key
add auth pkgB -remote 15.99.99.99 -kmp IKEV1 \
  -rtype FQDN -rid mycluster.hp.com \
  -psk my_client1_key
Authentication Records on Client2
On client2, the ipsec_config batch file contains the following entries:
add auth pkgA -remote 15.98.98.98 -kmp IKEV1 \
  -rtype FQDN -rid mycluster.hp.com \
  -psk my_client2_key
add auth pkgB -remote 15.99.99.99 -kmp IKEV1 \
  -rtype FQDN -rid mycluster.hp.com \
  -psk my_client2_key
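The node and client records above only work if each side's remote ID matches the other side's local ID and both carry the same preshared key. The following is an added example, not part of the HP guide or of HP-UX IPSec: a small offline check of two batch files for those mismatches. The function names, the `my_client2_kye` typo and the use of the node's `-remote` address as the client's interface address are assumptions made for the illustration.

```python
import shlex

def parse_auth(batch):
    """Return {record name: {option: value}}; each option here takes one value."""
    records = {}
    for line in batch.replace("\\\n", " ").splitlines():  # join continuations
        tok = shlex.split(line)
        if tok[:2] == ["add", "auth"] and len(tok) > 2:
            records[tok[2]] = {tok[i].lstrip("-"): tok[i + 1]
                               for i in range(3, len(tok) - 1, 2)}
    return records

def check_pair(node, client, client_ip):
    """List mismatches between a node record and a client record."""
    problems = []
    # Client records omit -ltype/-lid, so the client presents the defaults the
    # guide describes: type IPV4, value = its interface address (client_ip).
    client_local = (client.get("ltype", "IPV4"), client.get("lid", client_ip))
    if (node.get("rtype"), node.get("rid")) != client_local:
        problems.append("node remote ID != client local ID")
    if (client.get("rtype"), client.get("rid")) != (node.get("ltype"), node.get("lid")):
        problems.append("client remote ID != node local ID")
    if node.get("kmp") != client.get("kmp"):
        problems.append("kmp differs")
    if node.get("psk") != client.get("psk"):
        problems.append("preshared key differs")
    return problems

# Node record copied from the page; client records constructed (pkgB key typo).
NODE = parse_auth(r"""
add auth client2 -remote 15.5.5.5 -kmp IKEV1 \
  -ltype FQDN -lid mycluster.hp.com \
  -rtype IPV4 -rid 15.5.5.5 \
  -psk my_client2_key
""")
CLIENT2 = parse_auth(r"""
add auth pkgA -remote 15.98.98.98 -kmp IKEV1 \
  -rtype FQDN -rid mycluster.hp.com -psk my_client2_key
add auth pkgB -remote 15.99.99.99 -kmp IKEV1 \
  -rtype FQDN -rid mycluster.hp.com -psk my_client2_kye
""")

def audit():
    node = NODE["client2"]
    return {name: check_pair(node, rec, node["remote"])
            for name, rec in CLIENT2.items()}

if __name__ == "__main__":
    print(audit())
```

Because the batch files contain the keys in clear text, run a check like this only on copies that are protected the same way as the originals.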
Step 3: Configuring Authentication Records for Preshared Keys 207