HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
Contents
HP secure development lifecycle
About this document
Intended audience
New and changed features in A.03.02.02
Features in HP-UX IPSec A.03.01.01
Features in HP-UX IPSec A.03.00.01
Revised ipsec_config add csr command syntax
Examples of the ipsec_config add csr command specifying multiple alternative names
Features in HP-UX IPSec A.03.00.00
IKE policy changes
Support for IKE version 2
IKEv1 and IKEv2 policies replace IKE policies
Default IKEv1 and IKEv2 policies
The ipsec_config add ike command is deprecated
IKE DES encryption is obsolete
IKEv1 Perfect forward secrecy with keys only
IKE support for multiple hash, encryption, and group values
IKE support for Diffie-Hellman groups 5 and 14
IKE support for AES128-CBC encryption
Authentication record changes
Authentication records are mandatory
Authentication records include a priority value
Authentication records specify the IKE (key management protocol) version
Authentication records support the AUTOCONF flag
Authentication records support subtrees and address ranges for remote ID matching
Hexadecimal storage for preshared key values starting with 0x
Host and tunnel policy changes
Nested transforms and DES transforms are obsolete
Support for fallback to clear in host policies
Support for multiple source and destination arguments in host and tunnel policies
Support for IP address and port number ranges in host policies
Support for IP address ranges in tunnel policies
Port numbers and services are ignored in tunnel policies
Support for ICMPv4 and ICMPv6 type codes in host policies
Support for IPv6 mobility header type codes in host policies
Certificate changes
The ipsec_config add cert command is deprecated
Support for 4096 bit key pairs for certificates
Support for PKCS#12 certificates
Certificate retrieval from LDAP directories
Support for multiple level public key infrastructures
Certificate Revocation List cron file change
Support for RFC 4301 security processing for ICMP errors
Profile file changes
Mobile IPv6 support is obsolete
Gateway policies are obsolete
Related information
Publishing history
What’s in this document
Typographic conventions
HP encourages your comments