Manualshelf

HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
81828384858687888990
Default: The configured value for -local_method. If the -local_method argument is not
specified, and the -preshared argument is present, the default is PSK. If both the
-local_method and the -preshared argument are not specified, the default is the value for
the remote-method parameter in the AUTHPolicy-Defaults section of the profile file used. The
default remote-method parameter value is RSASIG (RSA signatures using certificates) in /var/
adm/ipsec/.ipsec_profile.
-preshared preshared_key
The preshared_key is the preshared key used for IKE authentication. Omit this argument if you
are using certificate-based authentication.
The preshared key must match the key configured on the remote system.
Valid Values: A text string, containing 1 - 128 ASCII characters or a hexadecimal value prefixed
by 0x. White spaces are not allowed. You must quote shell special characters if you are using the
command-line interface; do not quote them if you are using a batch file.
Default: None.
-priority priority_number
The priority_number is the priority value HP-UX IPSec uses when selecting an authentication
record (a lower priority value has a higher priority). The priority must be unique for each
authentication record. HP-UX IPSec searches the authentication records in priority order.
When the HP-UX system is the initiator in an IKE negotiation, it selects the first record with a remote
IP address value (-remote argument) that matches the remote system address.
When the local system is the responder in an IKEv1 MM or an IKEv2 negotiation, it selects the first
record with a remote IP address value that matches the IP packet source address.
When the local system is the responder in an IKEv1 AM negotiation, it selects the first record with
a matching remote ID value, and then verifies that the remote address specification matches. If the
address specification does not match, IKE continues to search the authentication records in priority
order.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config assigns a priority value that is set to the
current highest priority value (lowest priority) for authentication records in the configuration database,
incremented by the automatic priority increment value (priority) specified in the AuthPolicy-Defaults
section of the profile file (this policy will be the last authentication record evaluated). The default
automatic priority increment value (priority) is 10.
If this is the first authentication record created, ipsec_config uses the automatic priority increment
value as the priority.
-flags flags
Specifies additional options for this record.
Table 8 Authentication Record Flags
Column HeadFlag
Specifies that this authentication record is used for clients
that use stateless or stateful address autoconfiguration, such
as DHCP and DHCPv6 clients.
AUTOCONF
82 Configuring HP-UX IPSec