HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

# -action ESP_AES128_HMAC_SHA1
#
############################################################################
# Case 3 - Host policy to secure all UDP packets between two hosts
############################################################################
#
#add host <udp_policy_name> \
# -source <local_ip_address>/32 -destination <peer_ip_address>/32 \
# -protocol UDP -action ESP_AES128_HMAC_SHA1
#
############################################################################
# Case 4 - Host policy to secure all packets between two hosts
#
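# NOTE: If you use this policy to secure all packets in an IPv4
# subnet, you may need to insert a policy to allow ICMP packets
# to and from routers to pass in cleartext. Packets that match such a
# PASS policy are not protected by IPsec, so limit it to the router
# addresses that need it.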
# For example:
# add host icmp_clear -destination <router_ip_address> \
# -protocol ICMP -action PASS
#
############################################################################
#
#add host <all_protocols_policy_name> \
# -source <local_ip_address>/32 -destination <peer_ip_address>/32 \
# -protocol ALL -action ESP_AES128_HMAC_SHA1
#
############################################################################
#
# SECTION 2: Authentication Record with Preshared Key
#
############################################################################
#
# Uncomment and modify the following authentication record.
# The preshared key is used for authentication.
# You must configure one authentication record for each peer system.
#
# This configuration uses
# the local IP address and peer_ip_address as the authentication IDs.
#
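# Preshared keys starting with 0x are stored as hex values.
# The preshared key is a secret that appears in this file in the -psk
# argument, so restrict read access to this file once it holds a real key.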
#
# Copy and uncomment the following entry if you are using IKEv1 as the key
# exchange protocol:
#
#add auth <auth_policy_name> -remote <peer_ip_address> \
# -kmp ikev1 -rtype <ipv4|ipv6> -rid <peer_ip_address> \
# -local_method psk -psk <my_preshared_key>
#
# Copy and uncomment the following entry if you are using IKEv2 as the key
# exchange protocol:
#
#add auth <auth_policy_name> -remote <peer_ip_address> \
# -kmp ikev2 -rtype <ipv4|ipv6> -rid <peer_ip_address> \
# -local_method psk -psk <my_preshared_key>
#
############################################################################
#
# SECTION 3: IKEv1 Policy or IKEv2 Policy
#
############################################################################
#
# IKEv1 :
# The pre-loaded default IKEv1 policy has the following parameters:
# -Diffie-Hellman Group: 2
# -hash algorithm: MD5
# -encryption: 3DES
# -IKEv1 SA lifetime: 28800 seconds
#
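# If you use IKEv1 as the Key Exchange Protocol and these parameter values
# do not meet your requirements (Diffie-Hellman Group 2 is a 1024-bit group,
# and MD5 and 3DES are generally considered weak by current standards),
# uncomment the following policy to change the default IKEv1 policy: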
#
Step 2: Modifying the configuration batch file template 51