HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

Table 7 Local and Remote ID Types and Values (continued)
ID Type    ID Value
If there are spaces in the DN, you must enclose the DN in double quotes (""). For
example, CN=host1,C=US,O=My Company,OU=Blue Lab.
The values are defined as follows:
commonName: The commonName of the DN in printable string format. This field
cannot contain commas and must be 64 bytes or less.
country: The two-character ISO 3166-1 code for the country listed in the DN,
for example US for United States of America. This field cannot contain commas.
organization: The organization of the DN, for example Hewlett-Packard.
This field cannot contain commas and must be 64 bytes or less.
organizationalUnit: The organizationalUnit for the DN, for example
Marketing. This field cannot contain commas and must be 64 bytes or less.
Defaults: The address of the interface the local system uses to communicate with the remote system
for the ID value and the appropriate IP address type (IPV4 or IPV6) for the ID type.
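
A pre-flight check for DN ID values against the constraints listed above, as an added example that is not from the HP guide or from ipsec_config. The function names, the UTF-8 byte count and checking only the shape of the country code are assumptions of this example; it does not require any particular set or order of fields.

```python
import re

# ASN.1 PrintableString alphabet, minus the comma the guide forbids in a field.
PRINTABLE = re.compile(r"[A-Za-z0-9 '()+\-./:=?]*")
MAX_BYTES = 64                      # limit the guide gives for CN, O and OU
KNOWN = ("CN", "C", "O", "OU")      # short names used in the guide's example DN


def check_dn(dn):
    """Return a list of problems with a DN ID value; an empty list means it passed."""
    problems, seen = [], set()
    # No field may contain a comma, so every comma separates two components.
    for part in dn.split(","):
        key, sep, value = part.partition("=")
        key = key.strip().upper()
        if not sep or key not in KNOWN:
            problems.append(f"unexpected component {part!r} (comma inside a field?)")
            continue
        if key in seen:
            problems.append(f"{key} appears more than once")
        seen.add(key)
        if key == "C":
            # Shape check only; membership in ISO 3166-1 is not verified here.
            if not re.fullmatch(r"[A-Za-z]{2}", value):
                problems.append(f"C={value!r} is not a two-character country code")
            continue
        # Byte length, not character count; UTF-8 is an assumption of this example.
        if len(value.encode("utf-8")) > MAX_BYTES:
            problems.append(f"{key} is longer than {MAX_BYTES} bytes")
        if key == "CN" and not PRINTABLE.fullmatch(value):
            problems.append("CN has characters outside PrintableString")
    return problems


def cli_value(dn):
    """Wrap the DN in double quotes when it contains spaces, as the guide requires."""
    return f'"{dn}"' if " " in dn else dn


# Constructed sample values; the first is the guide's own example DN.
SAMPLES = [
    "CN=host1,C=US,O=My Company,OU=Blue Lab",
    "CN=host1,C=USA,O=Acme, Inc.,OU=" + "x" * 65,
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(cli_value(dn), check_dn(dn) or "ok")
```

The second sample fails three ways at once: a three-letter country code, a comma inside the organization that splits it into a stray component, and a 65-byte organizationalUnit.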
-rtype remote_id_type and -rid remote_id
The remote_id_type and remote_id are used to verify the ID type and ID value sent by the
remote system when negotiating an IKE SA. This must match what is sent by the remote system.
You can use remote subnet or subtree matching to configure an authentication record that matches
multiple peers. See “Subtree and Address Range Remote ID Matching” (page 83).
Valid Values: Table 7 (page 80) lists the valid ID types and corresponding ID values.
Defaults: If remote_id_type and remote_id are not specified, ipsec_config uses the IP
address specified for the -remote argument and the appropriate ID type (IPV4 or IPV6).
-local_method method
The IKE authentication method the local system uses to authenticate itself to the remote system.
HP-UX IPSec uses the same method type for the local method and the remote method (the method
the local system uses to authenticate the remote system). You can specify the -local_method or
-remote_method argument but not both.
Valid Values:
PSK (preshared key)
RSASIG (RSA signatures using certificates)
Default: The configured value for -remote_method. If the -remote_method argument is not
specified, and the -preshared argument is present, the default is PSK. If both the
-remote_method and the -preshared argument are not specified, the default is the value for
the local-method parameter in the AUTHPolicy-Defaults section of the profile file used. The
default local-method parameter value is RSASIG (RSA signatures using certificates) in
/var/adm/ipsec/.ipsec_profile.
-remote_method method
The IKE authentication method the local system uses to authenticate the remote system.
HP-UX IPSec uses the same method type for the remote method and the local method (the method
the local system uses to authenticate itself to the remote system). You can specify the
-local_method or -remote_method argument but not both.
Valid Values:
PSK (preshared key)
RSASIG (RSA signatures using certificates)