HP Tru64 UNIX Technical Updates for the Version 5.1B and Higher Operating System and Patches (February 2010)
Configuring a Secure Gateway
Before configuring IPsec on a router or a gateway, make sure that the system is configured as
an IP router. See the Network Administration: Connections manual for information on configuring
the system as an IP router.
To configure IPsec on a router or gateway, follow these steps:
1. From the SysMan Menu, select Networking→Additional Network Services→Set up IP
Security (IPsec) to display the IPsec main window.
Alternatively, enter the following command on the command line:
# /usr/sbin/sysman ipsec
If you are configuring IPsec for the first time, an informational dialog box is displayed that
tells you to define secure connections before enabling IPsec. If you enable IPsec without
defining secure connections, all packets into and out of the system are discarded; no traffic
will flow. Select OK.
The IPsec main window displays configured secure connections and configured public-key
certificates.
2. Select Enable IP Security (IPsec) at the top of the window.
3. Select Add. The Add/Modify a Secure Connection dialog box is displayed.
4. Enter a connection name.
5. Select Add to add a remote IP address selector. The Add/Modify Selector dialog box is
displayed. Do the following:
a. Select a selector type.
b. Do one of the following:
• If you are communicating with a single host, enter the IP address.
• If you are communicating with a secure gateway, enter the subnet address.
• If you are communicating with a range of addresses, enter the first address.
c. For an IP subnet, enter the size of the subnet mask.
d. For a range of addresses, enter the last address.
e. Select an upper layer protocol to match. By default, all protocols are selected.
f. Enter a port number to match, if you want to restrict the selector to a specific port
number. By default, all port numbers are selected.
g. Select OK to accept the data and close the Add/Modify Selector dialog box. If you are
finished selecting remote and local addresses, go to step 7.
6. Select Add to add a local IP address selector. Go to step 5a.
7. Select an action to apply to the packets matching the selectors. The default is to apply IPsec
protection.
8. Select Next to accept the data and close the Add/Modify a Secure Connection dialog box.
The Add/Modify Connection: IPsec Proposal dialog box is displayed. Do the following:
a. Select an IPsec proposal from the proposal list.
b. If you are communicating with a secure gateway or a host, specify the IP address of the
remote system and your system's IP address (local).
c. Specify whether you will use IKE to obtain keys or use manual configuration. Select Next to
accept the data and close the IPsec Proposal dialog box.
If you selected manual configuration and have created a custom proposal list with only
one proposal, the Add/Modify Connection: Manual Keys dialog box displays. Go to
step 9. If you selected the IKE protocol, the Add/Modify Connection: IKE Proposal
dialog box displays. Go to step 11.
9. Select Add to add a manual key and display the Manual Keys: Add/Modify IPsec Key dialog
box. Do the following:
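
Added example, not part of the HP manual: a Python model of the selector fields from step 5 and of the discard warning in step 1, used as a pre-flight check that lists which required flows would stop once IPsec is enabled. The names `Selector`, `Connection`, `decide` and `preflight`, the action labels, first-match ordering, and the discarding of unmatched traffic when some connections are defined are assumptions; the sample addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Selector:
    kind: str                        # "host", "subnet" or "range" (step 5a)
    address: str                     # host, subnet or first address (step 5b)
    mask_bits: Optional[int] = None  # size of the subnet mask (step 5c)
    last: Optional[str] = None       # last address of a range (step 5d)
    protocol: Optional[str] = None   # None = all protocols (step 5e default)
    port: Optional[int] = None       # None = all ports (step 5f default)
    def matches(self, ip, protocol, port):
        addr, first = ipaddress.ip_address(ip), ipaddress.ip_address(self.address)
        if self.kind == "host":
            hit = addr == first
        elif self.kind == "subnet":
            hit = addr in ipaddress.ip_network(f"{self.address}/{self.mask_bits}", strict=False)
        elif self.kind == "range":
            hit = addr.version == first.version and first <= addr <= ipaddress.ip_address(self.last)
        else:
            raise ValueError(f"unknown selector type: {self.kind}")
        return hit and self.protocol in (None, protocol) and self.port in (None, port)

@dataclass
class Connection:
    name: str
    remote: list                     # remote selectors (step 5)
    local: list                      # local selectors (step 6)
    action: str = "apply-ipsec"      # step 7 default; the label is hypothetical

def decide(connections, local_ip, remote_ip, protocol, local_port, remote_port):
    """Action for one packet with IPsec enabled; first match wins (assumption)."""
    for c in connections:
        if (any(s.matches(remote_ip, protocol, remote_port) for s in c.remote)
                and any(s.matches(local_ip, protocol, local_port) for s in c.local)):
            return c.action
    return "discard"                 # no connection matched: no traffic flows

def preflight(connections, required_flows):
    """Names of required flows that would be discarded once IPsec is enabled."""
    return [n for n, f in required_flows.items() if decide(connections, *f) == "discard"]

# Constructed sample data using RFC 5737 documentation addresses.
SITE_B = Connection("site-b", remote=[Selector("subnet", "198.51.100.0", mask_bits=24)],
                    local=[Selector("subnet", "192.0.2.0", mask_bits=24)])
FLOWS = {  # name: (local_ip, remote_ip, protocol, local_port, remote_port)
    "lan-to-site-b": ("192.0.2.10", "198.51.100.20", "tcp", 40000, 443),
    "admin-ssh": ("192.0.2.1", "203.0.113.5", "tcp", 22, 51000)}
```

With no connections defined, `preflight([], FLOWS)` reports every flow; with only `SITE_B` defined it still reports `admin-ssh`, the kind of management path worth covering with its own connection before selecting Enable IP Security (IPsec) in step 2.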