HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

-hash hash_algorithm ..............................................................................................88
-encryption encryption_algorithm ..........................................................................89
-life lifetime_seconds ...........................................................................................89
-pfs ON|OFF ..............................................................................................................89
-priority priority_number .........................................................................................89
ipsec_config add ikev1 Command Examples....................................................................90
ipsec_config add ikev2 Syntax............................................................................................90
ikev2_policy_name .......................................................................................................91
-remote ip_addr[/prefix] .......................................................................................91
ip_addr ..................................................................................................................91
prefix .....................................................................................................................91
-group group_number ................................................................................................91
-hash hash_algorithm ..............................................................................................92
-encryption encryption_algorithm ..........................................................................92
-prf pseudo-random_function...........................................................................................92
-life lifetime_seconds .....................................................................................................93
-pfs ON|OFF ..............................................................................................................93
-priority priority_number .........................................................................................93
ipsec_config add ikev2 Command Example.....................................................................93
Step 5: Configuring Certificates................................................................................................94
Step 6: Configuring the Bypass List (Local IP Addresses)...............................................................94
Logical Interfaces...............................................................................................................94
Example...........................................................................................................................95
Maximizing Security...........................................................................................................95
ipsec_config add bypass Syntax..........................................................................................95
ip_address ..................................................................................................................95
Bypass Configuration Example.............................................................................................96
Step 7: Verifying the Batch File Syntax.......................................................................................96
Step 8: Committing the Batch File Configuration and Verifying Operation......................................96
Step 9: Configuring HP-UX IPSec to Start Automatically................................................................98
ipsec_config add startup Syntax...........................................................................................98
Step 10: Creating Backup Copies of the Configuration Files.........................................................99
Certificate Storage Directory................................................................................................99
5 Using Certificates with HP-UX IPSec ..........................................................100
Overview............................................................................................................................100
Security Certificates and Public Key Cryptography................................................................100
Public Key Distribution..................................................................................................100
Security Certificates.....................................................................................................100
Digital Signatures............................................................................................................101
IKE Authentication with RSA Signatures...............................................................................101
PKI Requirements..................................................................................................................101
Multiple Level CA Requirements.........................................................................................102
LDAP Requirements...............................................................................................................102
Configuring Certificates.........................................................................................................102
Step 1: (Optional) Getting a Certificate for the Local System.......................................................103
Using the ipsec_config add csr Command..........................................................................103
ipsec_config add csr Syntax..............................................................................................103
-subject subject_name .............................................................................................103
-alt-ipv4 ipv4_addr ..................................................................................................104
-alt-ipv6 ipv6_addr ..................................................................................................104
-alt-fqdn fqdn ...........................................................................................................104
-alt-user-fqdn user_fqdn1 .........................................................................................105
-key-length .................................................................................................................105
-days number_days ..................................................................................................105