HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

[-hash hash_algorithm]
[-encryption encryption_algorithm]
[-prf pseudo-random_function]
[-life lifetime_seconds]
[-pfs ON|OFF]
[-priority priority_number]
The complete ipsec_config add ikev2 syntax specification also allows you to specify the
following arguments:
nocommit (verify the syntax but do not commit the information to the database)
profile (alternate profile file)
See the ipsec_config_add(1M) manpage for complete syntax information.
ikev2_policy_name
The ikev2_policy_name is the user-defined name for the IKEv2 policy. This name must be
unique for each IKEv2 policy and is case-sensitive.
Valid Values: 1 - 63 characters. Each character must be an ASCII alphanumeric character, hyphen
(-), or underscore (_).
The name default is reserved. See “default IKE Policies” (page 86) for more information.
-remote ip_addr[/prefix]
The ip_addr and prefix are the IP address and network prefix length that specifies the remote
system or subnet for this policy.
NOTE: This argument is not valid for the default IKEv2 policy. The default IKEv2 policy matches
all remote addresses.
Where:
ip_addr
The ip_addr is the remote IP address.
Valid Values: An IPv4 address in dotted-decimal notation or an IPv6 address in colon-hexadecimal
notation. The IP address type (IPv4 or IPv6) must be the same for the source and destination address.
HP-UX IPSec does not support unspecified IPv6 addresses. However, you can use the double-colon
(::) notation within a specified IPv6 address to denote a number of zeros (0) within an address.
The address must be a unicast address.
Default: None.
prefix
The prefix is the prefix length, or the number of leading bits that must match when comparing
the remote address with ip_addr.
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in the addresses must match.
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits in the addresses must
match.
A prefix length of 0 bits matches all addresses.
Range: 0 - 32 for an IPv4 address; 0 - 128 for an IPv6 address.
Default: 32 if ip_addr is a non-zero IPv4 address, 128 if ip_addr is a non-zero IPv6 address,
or 0 (match any address) if ip_addr is an all-zeros address (0.0.0.0 or 0::0).
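
The following is an added example, not part of the HP guide or of HP-UX IPSec: a Python pre-check for an ikev2_policy_name and a -remote ip_addr[/prefix] value that applies the valid values, ranges and prefix defaults listed above. The function names are hypothetical, the unicast check is assumed to mean only "reject multicast", and only the exact string default is assumed to be reserved.

```python
import ipaddress
import re

# 1 - 63 ASCII alphanumerics, hyphen or underscore (documented valid values).
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")


def check_policy_name(name):
    """Return True if name is usable as a user-defined ikev2_policy_name."""
    # Assumption: only the exact, case-sensitive string "default" is reserved.
    return NAME_RE.fullmatch(name) is not None and name != "default"


def parse_remote(arg):
    """Parse 'ip_addr[/prefix]' into (address, prefix_length)."""
    addr_text, slash, prefix_text = arg.partition("/")
    addr = ipaddress.ip_address(addr_text)  # ValueError on bad notation
    if addr.is_multicast:  # assumption: "unicast" checked as "not multicast"
        raise ValueError("remote address must be unicast")
    if slash:
        if not (prefix_text.isascii() and prefix_text.isdigit()):
            raise ValueError("prefix must be a decimal number")
        prefix = int(prefix_text)
        # Range: 0 - 32 for IPv4, 0 - 128 for IPv6.
        if prefix > addr.max_prefixlen:
            raise ValueError("prefix out of range for this address type")
    else:
        # Documented default: 0 for an all-zeros address, else 32 or 128.
        prefix = 0 if int(addr) == 0 else addr.max_prefixlen
    return addr, prefix


def remote_matches(arg, peer):
    """Return True if peer falls under the -remote value arg."""
    addr, prefix = parse_remote(arg)
    peer_addr = ipaddress.ip_address(peer)
    if peer_addr.version != addr.version:
        return False
    # Compare only the leading 'prefix' bits; prefix 0 matches every address.
    shift = addr.max_prefixlen - prefix
    return int(addr) >> shift == int(peer_addr) >> shift
```

Checking a planned value this way shows how wide a policy really is before it is committed: a bare all-zeros address silently becomes a match-any policy, while any other bare address matches exactly one host.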
-group group_number
The group argument specifies the Diffie-Hellman group used to select initial Diffie-Hellman values.
You can specify multiple group_number values, delimited by commas and no spaces, in
Step 4: Configuring IKEv1 and IKEv2 Policies 91