HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
tunnel_policy_name
-tsource and -tdestination tunnel_address
-source and -destination ip_addr [/prefix]
ip_addr
prefix
-protocol protocol_id
ICMPv4 messages
ICMPv6 messages
-action transform_list
lifetime_seconds
lifetime_kbytes
Tunnel IPsec policy configuration example
Step 3: Configuring authentication records and preshared keys
Remote Multihomed Systems
Authentication Record Order and Selection
Automatic Priority Increment
ipsec_config add auth Syntax
auth_name
-remote ip_addr [/prefix]
ip_addr
prefix
-kmp ike_version
-exchange AM|MM
-ltype local_id_type and -lid local_id
-rtype remote_id_type and -rid remote_id
-local_method method
-remote_method method
-preshared preshared_key
-priority priority_number
-flags flags
Subtree and Address Range Remote ID Matching
Subtree Remote ID Matching
FQDN
User FQDN
X.500 DN
Address Range Remote ID matching
Authentication Record Examples with Preshared Keys
IKEv1
IKEv2
Multihomed Example
Authentication Record Examples with RSA Signatures
IKEv1 Example
Distinguished Name Example
Multihomed Example
Step 4: Configuring IKEv1 and IKEv2 Policies
default IKE Policies
IKE Policy Order and Selection
Automatic Priority Increment
Syntax
ipsec_config add ikev1 Syntax
ikev1_policy_name
-remote ip_addr[/prefix]
ip_addr
prefix
-group group_number