HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

OpenSSL copyright notice
1 HP-UX IPSec overview
Features
IPsec protocol suite
Encapsulating Security Payload (ESP)
Shared key encryption
Shared key hash functions
ESP processing
Transport and tunnel modes
Transport mode
Tunnel mode
IPv6 ESP transport mode
IPv6 ESP tunnel mode
ESP Encryption and authentication algorithms
Non-authenticated ESP
Authentication Header (AH)
Internet Key Exchange (IKE)
Security associations
IKEv1 phases and exchange modes
Generating shared keys: Diffie-Hellman
IKE primary authentication
IKE preshared key authentication
IKE digital signature authentication
Perfect Forward Secrecy
IPsec re-keying
Manual keys
Summary
HP-UX IPSec topologies
Host-to-host security within an internal network
Host-to-host VPN across the Internet
Host-to-gateway VPN across the internet
Application server in DMZ with back-end server
Securing access between the client and DMZ server
2 Installing HP-UX IPSec
HP-UX IPSec product requirements
Software requirements
Disk requirements
Step 1: Verifying HP-UX IPSec installation and configuration prerequisites
Step 2: Loading the HP-UX IPSec software
Step 3: Establishing the HP-UX IPSec password
Step 4: Completing Post-Installation migration requirements
Removing HP-UX IPSec
3 Quick configuration procedure and tips
Overview
Step 1: Establishing the HP-UX IPSec password
Step 2: Modifying the configuration batch file template
Policy priority order and selection
Automatic priority assignment
Host-to-host template file
Example
Red configuration
Blue configuration
Step 3: Verifying the batch file syntax