HP Tru64 UNIX Technical Updates for the Version 5.1B and Higher Operating System and Patches (February 2010)

f. If you want to restrict the selector to a specific port number, enter a port number to
match. By default, all port numbers are selected.
g. Select OK to accept the data and close the Add/Modify Selector dialog box. If you are
finished adding remote and local addresses, go to step 7.
6. Select Add to add a local IP address selector. Go to step 5a.
7. Select an action to apply to the packets matching the selectors. The default is to apply IPsec
protection.
8. Select Next to accept the data and close the Add/Modify a Secure Connection dialog box.
The Add/Modify Connection: IPsec Proposal dialog box is displayed. Do the following:
a. Select an IPsec proposal from the proposal list.
b. If you are communicating with a secure gateway, specify the IP address of the secure
gateway (remote) and your system's IP address (local).
c. Specify whether you will use IKE to obtain keys or use manual configuration. Select Next to
accept the data and close the Add/Modify Connection: IPsec Proposal dialog box.
If you selected manual configuration and have created a custom proposal list with only
one proposal, the Add/Modify Connection: Manual Keys dialog box displays. Go to
step 9. If you selected the IKE protocol, the Add/Modify Connection: IKE Proposal
dialog box displays. Go to step 11.
9. Select Add to add a manual key and display the Modify Keys: Add/Modify IPsec Key dialog
box. Do the following:
a. Enter the key name.
b. Enter the Security Parameter Index (SPI).
c. Enter keys for the algorithms that are required by the proposals you chose. Select OK
to accept the data and close the Modify Keys: Add/Modify IPsec Key dialog box.
10. Select whether you want to apply the key(s) to inbound packets or outbound packets, or
both. If you want to specify additional keys, go to step 9. If you are finished specifying
manual keys, go to step 20.
11. Select an IKE proposal from the proposal list.
12. Select Add to restrict access to the connection and display the Add/Modify Remote IDs
dialog box. Do the following:
a. Select a remote identity type.
b. Enter an identity string, usually your IP address, domain name, or e-mail address.
c. Select OK to accept the data and close the Add/Modify Remote IDs dialog box.
Note:
A remote identity (ID) is one that is allowed to use this connection. Identities are values that
are either specified in a certificate by the Subject Alternate Name or that you enter when
specifying a pre-shared key. This step is optional. However, if you do not specify a remote
identity or identities, other systems might have unauthorized access to your system.
13. If you want to specify additional remote identities, go to step 12. If you are finished specifying
remote identities, select Next to accept the data, close the Add/Modify Connection: IKE
Proposal dialog box, and display the Add/Modify Connection: IKE Authentication dialog
box.
14. Select whether you want to authenticate IKE exchanges with a public-key certificate or a
pre-shared key.
15. If you selected public-key certificate, select Add to add an IKE certificate. The Add/Modify
Certificates dialog box is displayed. Do the following: