Manualshelf

HP Tru64 UNIX Technical Updates for the Version 5.1B and Higher Operating System and Patches (February 2010)

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.1B
21222324252627282930
Enter the key name.a.
b. Enter the Security Parameter Index (SPI).
c. Enter keys for the algorithms that are required by the proposals you chose. Select OK
to accept the data and close the Manual Keys: Add/Modify IPsec Key dialog box.
10. Select whether you want to apply the key(s) to inbound packets, outbound packets, or both.
If you want to specify additional keys, go to step 9. If you are finished specifying manual
keys, select Finish. Go to step 20.
11. Select an IKE proposal from the proposal list.
12. Select Add to restrict access to the connection and display the Add/Modify Remote IDs
dialog box. Do the following:
a. Select a remote identity type.
b. Enter an identity string, usually your IP address, domain name, or e-mail address.
c. Select OK to accept the data and close the Add/Modify Remote IDs dialog box.
Note:
A remote identity (ID) is one that is allowed to use this connection. Identities are values that
are either specified in a certificate by the Subject Alternate Name or that you enter when
specifying a pre-shared key. This step is optional. However, if you do not specify a remote
identity or identities, other systems might have unauthorized access to your system.
13. If you want to specify additional remote identities, go to step 12. If you are finished specifying
remote identities, select Next to accept the data, close the Add/Modify Connection: IKE
Proposal dialog box, and display the Add/Modify Connection: IKE Authentication dialog
box.
14. Select whether you want to authenticate IKE exchanges with a public-key certificate or a
pre-shared-key.
15. If you selected public-key certificate, select Add to add an IKE certificate. The Add/Modify
Certificates dialog box is displayed. Do the following:
a. Enter a certificate name, select a certificate encoding method, and enter the local path
to the certificate file.
b. If the certificate authenticates your system, select the encoding method and enter the
local path to the private key file.
c. If the certificate is trusted to sign other certificates, select CA Certificate. Otherwise, go
to step f.
d. If a Certificate Revocation List (CRL) is not available, select No Certificate Revocation
List (CRL) Available. Go to step f.
e. Select an encoding method for the CRL and enter a local path to the CRL file.
f. Select OK to accept the data and close the Add/Modify Certificates dialog box.
16. Select a certificate for the IKE exchange. Go to step 19.
17. If you selected pre-shared key, select Add an IKE pre-shared key. The Add/Modify IKE
Keys dialog box is displayed. Do the following:
a. Enter a key name and key value.
b. Select a local identity type.
c. Enter an identity string, usually your IP address or domain name.
d. Select OK to accept the data and close the Add/Modify IKE Keys dialog box.
18. Select a pre-shared key for the IKE exchange.
19. Select Next to close the Add/Modify Connection: IKE Authentication dialog box and display
the Add/Modify Connection: Optional IKE Parameters dialog box. Do the following:
Operating System and Associated Products Updates 29