HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

Preshared Keys Configuration on Cluster Nodes
Each cluster node has the following preshared keys configured:
Key            Remote IP Address
client1_key    15.4.4.4 (Client1)
client2_key    15.5.5.5 (Client2)
Preshared Keys Configuration on Client1
Client1 has the following preshared keys configured:
Key            Remote IP Address
client1_key    16.98.98.98 (pkgA)
client1_key    16.99.99.99 (pkgB)
Preshared Keys Configuration on Client2
Client2 has the following preshared keys configured:
Key            Remote IP Address
client2_key    16.98.98.98 (pkgA)
client2_key    16.99.99.99 (pkgB)
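The three tables above have to agree pairwise: the key a cluster node holds for a client address must equal the key that client holds for every package address. The following check is an added example, not part of the HP guide or of HP-UX IPSec; the dictionary layout and the function name check_psk_tables are assumptions, and the data is constructed from the tables above. It also flags two clients sharing one key, which goes beyond what the tables state.

```python
# Added example: data constructed from the three tables above.
# Key names are the guide's placeholders, not real secrets.
PACKAGE_ADDRS = {"16.98.98.98": "pkgA", "16.99.99.99": "pkgB"}

# Every cluster node: remote (client) address -> preshared key.
CLUSTER_NODE = {"15.4.4.4": "client1_key", "15.5.5.5": "client2_key"}

# Each client, by its own address: remote (package) address -> preshared key.
CLIENTS = {
    "15.4.4.4": {"16.98.98.98": "client1_key", "16.99.99.99": "client1_key"},
    "15.5.5.5": {"16.98.98.98": "client2_key", "16.99.99.99": "client2_key"},
}


def check_psk_tables(cluster_node, clients, package_addrs):
    """Return a list of problems; an empty list means the tables agree.

    Messages name addresses only, never key values.
    """
    problems = []
    for client_addr, node_key in sorted(cluster_node.items()):
        table = clients.get(client_addr)
        if table is None:
            problems.append(f"{client_addr}: no client-side key table")
            continue
        for pkg_addr, pkg in sorted(package_addrs.items()):
            if pkg_addr not in table:
                problems.append(f"{client_addr}: no key for {pkg} ({pkg_addr})")
            elif table[pkg_addr] != node_key:
                problems.append(f"{client_addr}: key for {pkg} ({pkg_addr}) differs from cluster")
    for client_addr in sorted(set(clients) - set(cluster_node)):
        problems.append(f"{client_addr}: client has keys but cluster nodes have none for it")
    # Extra check beyond the tables: the guide gives each client its own key.
    seen = {}
    for client_addr, key in sorted(cluster_node.items()):
        if key in seen:
            problems.append(f"{client_addr}: shares a key with {seen[key]}")
        seen.setdefault(key, client_addr)
    return problems


if __name__ == "__main__":
    for line in check_psk_tables(CLUSTER_NODE, CLIENTS, PACKAGE_ADDRS) or ["tables agree"]:
        print(line)
```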
Step 4: Configuring Authentication Records for Certificates
This section describes configuration requirements for authentication records if you are using security
certificates (RSA signatures) for IKE authentication. If you are not using security certificates for IKE
authentication, go to “Step 5: Verifying and Testing the HP-UX IPSec Configuration” (page 210).
All nodes in a Serviceguard cluster share the same certificate and IKE ID configuration. Import
or retrieve a certificate and configure IKE ID information on one node in the cluster and transfer
the certificate files to the other nodes in the cluster.
Certificates
On the configuration node, obtain and install one certificate for the cluster, as described in
Chapter 5: “Using Certificates with HP-UX IPSec” (page 100). All nodes in the cluster will use this
certificate. You will distribute copies of the certificate files to the other nodes in the cluster in “Step
7: Distributing HP-UX IPSec Configuration Files” (page 211).
On each cluster client, obtain and install a certificate for the client.
Authentication Records and IKE ID Information
Serviceguard systems are multihomed—each node has at least one stationary address, and can
be assigned a relocatable or package address at any time. You must configure local ID information
in the authentication record for each remote system address. This enables HP-UX IPSec to send the
correct local ID type and ID value to the remote systems.
Use the procedure described in “Step 3: Configuring authentication records and preshared keys”
(page 77) to configure authentication records, with the additional requirements described in the
following sections.