HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

SHA2-256
SHA2-384
SHA2-512
Default: The value of the hash parameter in the IKEV1Policy-Defaults section of the profile file
used. The default hash parameter value is MD5 in /var/adm/ipsec/.ipsec_profile.
-encryption encryption_algorithm
The encryption_algorithm is the encryption algorithm for encrypting IKE messages. You can
specify multiple encryption_algorithm values in descending order of preference, delimited by
commas with no spaces. At least one encryption algorithm must match an encryption algorithm
configured on the remote system.
Valid Values:
AES128-CBC (128-bit Advanced Encryption Standard CBC)
AES192-CBC (192-bit Advanced Encryption Standard CBC)
AES256-CBC (256-bit Advanced Encryption Standard CBC)
3DES (triple-DES CBC, three encryption iterations, each with a different 56-bit key, 3DES-CBC)
Default: The value of the encryption parameter in the IKEV1Policy-Defaults section of the profile
file used. The default encryption parameter value is 3DES in /var/adm/ipsec/.ipsec_profile.
-life lifetime_seconds
The lifetime_seconds is the maximum lifetime for the IKE SA, in seconds.
Range: 0 (infinite) or 600 - 4294967294 seconds (approximately 497102 days).
Default: The value of the life parameter in the IKEV1Policy-Defaults section of the profile file
used. The default life parameter value is 28,800 (8 hours) in /var/adm/ipsec/.ipsec_profile.
-pfs ON|OFF
The -pfs argument specifies whether Perfect Forward Secrecy (PFS) is enabled (ON) or disabled (OFF).
With PFS, the exposure of one key permits access only to data protected by that key. When PFS
is enabled, HP-UX IPSec performs a Diffie-Hellman exchange for each IPsec SA negotiation.
This must match what is configured on the remote system. Do not enable PFS for negotiations with
systems using an HP-UX IPSec release prior to A.03.00.
Default: The value of the pfs parameter in the IKEV1Policy-Defaults section of the profile file used.
The default pfs parameter value is OFF in /var/adm/ipsec/.ipsec_profile.
-priority priority_number
The priority_number is the priority value HP-UX IPSec uses when selecting an IKEv1 policy (a
lower priority value has a higher priority). The priority must be unique for each IKEv1 policy.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config takes the current highest priority value
(that is, the lowest priority) among the IKEv1 policies in the configuration database and adds
the automatic priority increment value (priority) for IKEv1 policies specified in the
IKEV1Policy-Defaults section of the profile file. The new policy is therefore the last policy
evaluated before the default policy. The default automatic priority increment value (priority) is 10.
If this is the first IKEv1 policy created, ipsec_config uses the automatic priority increment value
as the priority.
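The following Python lint is an added example, not part of the HP guide or of HP-UX IPSec. It applies the ranges, valid values and profile defaults listed above to a set of IKEv1 policy arguments and computes the priority that would be assigned by default. The function name, the dictionary keys and the weak-setting warnings (MD5, 3DES as first preference, infinite lifetime, PFS off) are assumptions of this example.

```python
# Added example: lints IKEv1 policy arguments against the ranges and defaults
# quoted above. The hardening warnings are this example's own policy.
PROFILE_DEFAULTS = {"hash": "MD5", "encryption": "3DES", "life": 28800,
                    "pfs": "OFF", "priority_increment": 10}
VALID_ENCRYPTION = {"AES128-CBC", "AES192-CBC", "AES256-CBC", "3DES"}
LIFE_MIN, LIFE_MAX, PRIORITY_MAX = 600, 4294967294, 2147483647

def lint_ikev1_policy(args, existing_priorities=()):
    """Return (effective_settings, errors, warnings) for one IKEv1 policy."""
    eff = {k: args.get(k, PROFILE_DEFAULTS[k])
           for k in ("hash", "encryption", "life", "pfs")}
    errors, warnings = [], []

    # -encryption: comma-delimited, no spaces, descending preference.
    enc = eff["encryption"].split(",")
    if " " in eff["encryption"]:
        errors.append("encryption: spaces are not allowed in the list")
    errors += [f"encryption: unknown algorithm {e!r}"
               for e in enc if e.strip() not in VALID_ENCRYPTION]

    # -life: 0 (infinite) or 600..4294967294 seconds.
    life = eff["life"]
    if life != 0 and not LIFE_MIN <= life <= LIFE_MAX:
        errors.append(f"life: {life} is outside 0 or {LIFE_MIN}-{LIFE_MAX}")
    if eff["pfs"] not in ("ON", "OFF"):
        errors.append("pfs: must be ON or OFF")

    # -priority: an explicit value must be in range and unique; otherwise use
    # the highest existing value plus the increment (or the increment alone).
    prio = args.get("priority")
    if prio is None:
        prio = (max(existing_priorities, default=0)
                + PROFILE_DEFAULTS["priority_increment"])
    elif prio in existing_priorities:
        errors.append(f"priority: {prio} is already used")
    if not 1 <= prio <= PRIORITY_MAX:
        errors.append(f"priority: {prio} is outside 1-{PRIORITY_MAX}")
    eff["priority"] = prio

    # Hardening warnings (example policy, not rules from the guide).
    if eff["hash"] == "MD5":
        warnings.append("hash: MD5 in effect; prefer a SHA2 value")
    if enc[0].strip() == "3DES":
        warnings.append("encryption: 3DES is the first preference")
    if life == 0:
        warnings.append("life: 0 means the IKE SA never expires")
    if eff["pfs"] == "OFF":
        warnings.append("pfs: OFF; no per-SA Diffie-Hellman exchange")
    return eff, errors, warnings
```

Calling lint_ikev1_policy({}, []) shows what a policy created with no arguments inherits from the shipped profile defaults.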
Step 4: Configuring IKEv1 and IKEv2 Policies 89