HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

NOTE: This argument is not valid for the default IKEv1 policy. The default IKEv1 policy matches
all remote addresses.
Where:
ip_addr
The ip_addr is the remote IP address.
Valid Values: An IPv4 address in dotted-decimal notation or an IPv6 address in colon-hexadecimal
notation. HP-UX IPSec does not support unspecified IPv6 addresses. However, you can use the
double-colon (::) notation within a specified IPv6 address to denote a number of zeros (0) within
an address. The address must be a unicast address.
Default: None.
prefix
The prefix is the prefix length, or the number of leading bits that must match when comparing
the remote address with ip_addr.
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in the addresses must match.
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits in the addresses must
match.
A prefix length of 0 bits matches all addresses.
Range: 0 - 32 for an IPv4 address; 0 - 128 for an IPv6 address.
Default: 32 if ip_addr is a non-zero IPv4 address, 128 if ip_addr is a non-zero IPv6 address,
or 0 (match any address) if ip_addr is an all-zeros address (0.0.0.0 or 0::0).
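The default and matching rules for ip_addr and prefix described above, as an added Python example (not taken from the HP guide or from HP-UX IPSec itself). The ip_addr/prefix spelling with a slash, the function names, and the choice that an IPv4 entry never matches an IPv6 peer are assumptions of this example.

```python
import ipaddress

def parse_remote(spec):
    """Parse 'ip_addr[/prefix]' and apply the guide's range and default rules.

    The '/' separator is an assumption of this example; the page names
    only the two fields.
    """
    addr_text, sep, prefix_text = spec.partition("/")
    addr = ipaddress.ip_address(addr_text)   # accepts '::' zero compression
    max_len = addr.max_prefixlen             # 32 for IPv4, 128 for IPv6
    if addr.is_multicast:
        raise ValueError("address must be a unicast address")
    if sep:
        prefix = int(prefix_text)
        if not 0 <= prefix <= max_len:
            raise ValueError(f"prefix {prefix} outside range 0-{max_len}")
    else:
        # Default: 0 (match any) for an all-zeros address, else full length.
        prefix = 0 if int(addr) == 0 else max_len
    return addr, prefix

def matches(spec, remote):
    """True if the leading `prefix` bits of `remote` equal those of ip_addr."""
    addr, prefix = parse_remote(spec)
    peer = ipaddress.ip_address(remote)
    if peer.version != addr.version:
        return False                         # assumption: families never cross-match
    shift = addr.max_prefixlen - prefix      # number of trailing bits to ignore
    return (int(addr) >> shift) == (int(peer) >> shift)

def is_match_all(spec):
    """Audit helper: an effective prefix of 0 makes the entry apply to every peer."""
    return parse_remote(spec)[1] == 0

if __name__ == "__main__":
    # Constructed sample entries (documentation address ranges).
    for spec in ["192.0.2.10", "192.0.2.0/24", "0.0.0.0", "2001:db8::/32"]:
        addr, prefix = parse_remote(spec)
        print(f"{spec:16} -> {addr}/{prefix}  match-all={is_match_all(spec)}")
```

Running is_match_all over every configured remote value is a quick way to spot entries that were meant for one peer but, through an all-zeros address or an explicit prefix of 0, apply to any remote system.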
-group group_number
The group argument specifies the Diffie-Hellman group (sometimes referred to as the Oakley
group) used to select initial Diffie-Hellman values. You can specify multiple group_number values,
delimited by commas and no spaces, and specified in descending order of preference. At least
one group number must match a group number configured on the remote system.
HP recommends that you do not use group 1 unless it is required for compatibility reasons.
For efficiency when negotiating IKE SAs, HP recommends that you list first the group that is most
commonly used in your network, excluding group 1.
Valid Values:
1 (MODP, 768-bit exponent)
2 (MODP, 1024-bit exponent)
5 (MODP, 1536-bit exponent)
14 (MODP, 2048-bit exponent)
24 (MODP, 2048-bit exponent and 256-bit prime order subgroup)
Default: The value of the group parameter in the IKEV1Policy-Defaults section of the profile file
used. The default group parameter value is 2 in /var/adm/ipsec/.ipsec_profile.
-hash hash_algorithm
The hash argument specifies the hash algorithm for authenticating IKE messages. You can specify
multiple hash_algorithm values, delimited by commas and no spaces, and specified in
descending order of preference. At least one hash algorithm must match a hash algorithm configured
on the remote system.
Valid Values:
MD5 (128-bit RSA Message Digest-5, MD5)
SHA1 (160-bit Secure Hash Algorithm-1, SHA1)
88 Configuring HP-UX IPSec