HP-UX Mobile IPv4 A.03.01 Administrator's Guide

%QPHKIWTKPICPF#FOKPKUVGTKPI4QWVG1RVKOK\CVKQP
%QPHKIWTKPI4QWVG1RVKOK\CVKQP
Chapter 7
77
Step 3: On the Correspondent Node, Configure Security Information about Home Agents (configure ha)
On the Correspondent Node, use the miproconfig configure ha command to configure
security information about Home Agents. The Correspondent Node will use this
information to authenticate messages from the Home Agent. The information you
configure on the Correspondent Node must match what you configured on the Home
Agent.
Multi-Homed Home Agent
If the Home Agent is multi-homed (it has multiple IP addresses), you must configure
security information for each IP address on the Home Agent by repeating the configure
ha command for each address. Each instance of the command for the same Home Agent
must have the same security parameters (SPI, security algorithm and key).
Use the following configure ha command syntax:
c[onfigure] h[a] ip_addr -spi spi [-algo algorithm] -key key
Where:
ip_addr is the IP address of the Home Agent.
spi is the Security Parameters Index (SPI), a number used to identify the Security
Association (SA) between the Home Agent and the Correspondent Node. The SPI does
not have to be unique on the Correspondent Node, but must match the SPI configured on
the Home Agent.
Acceptable Values: 256 to 2147483647 (integer).
algorithm is the cryptographic authentication algorithm used to authenticate the
messages exchanged between the Home Agent and the Correspondent Node. The
algorithm must match the algorithm configured on the Home Agent.
Acceptable Values: md5 (keyed Message Digest 5, MD5) or hmac-md5 (Hashed Message
Authentication Code with MD5). The cryptographic community considers keyed MD5
vulnerable to attack. HP recommends that you use HMAC-MD5. If you do not
specify the algo option, miproconfig will use hmac-md5.
key is the cryptographic key used by the authentication algorithm. The key must match
the key configured on the Home Agent.
Acceptable Values:
r[andom]: miproconfig will generate and display a random key for you.
a 128-bit key specified as a sequence of 16 two-digit hexadecimal values separated by
spaces.
Examples:
miproconfig> configure ha 15.1.1.1 -spi 1024 -algo md5 -key 11 22 \
33 44 55 66 77 88 99 00 11 22 33 44 55 66
miproconfig> configure ha 16.1.1.1 -spi 1025 -key r
You can also omit all options and miproconfig will prompt you for each option value. For
more information on the configure ha command, refer to “configure ha” on page 154.
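The following Python check is an added example, not part of the HP guide or of miproconfig. It lints recorded configure ha commands against the rules stated above: SPI range, algorithm, key format, and identical parameters for every address of a multi-homed Home Agent. The function names and the ha_groups mapping are hypothetical; it assumes only the shortest and full command spellings are used, and it rejects -key r because a generated key must be recorded as hexadecimal values before it can be compared.

```python
import ipaddress
import re

def parse_configure_ha(line):
    """Parse one 'configure ha' command; raise ValueError if it breaks the stated rules."""
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("c", "configure") or tok[1] not in ("h", "ha"):
        raise ValueError("not a configure ha command")
    ip = str(ipaddress.IPv4Address(tok[2]))       # AddressValueError is a ValueError
    opts, name = {"-algo": ["hmac-md5"]}, None    # hmac-md5 is the documented default
    for t in tok[3:]:                             # collect the values after each option
        if t in ("-spi", "-algo", "-key"):
            name, opts[t] = t, []
        elif name is None:
            raise ValueError("value given before any option")
        else:
            opts[name].append(t)
    spi, algo, key = opts.get("-spi", []), opts["-algo"], opts.get("-key", [])
    # SPI range is the one stated in the guide: 256 to 2147483647
    if len(spi) != 1 or not spi[0].isdigit() or not 256 <= int(spi[0]) <= 2147483647:
        raise ValueError("SPI must be an integer from 256 to 2147483647")
    if algo not in (["md5"], ["hmac-md5"]):
        raise ValueError("algorithm must be md5 or hmac-md5")
    if len(key) != 16 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", k) for k in key):
        raise ValueError("key must be 16 two-digit hexadecimal values")
    return {"ip": ip, "spi": int(spi[0]), "algo": algo[0], "key": bytes.fromhex("".join(key))}

def lint(lines, ha_groups):
    """Return findings; ha_groups (hypothetical) maps a Home Agent label to its addresses."""
    findings, seen = [], {}
    for n, line in enumerate(lines, 1):
        try:
            e = parse_configure_ha(line)
        except ValueError as err:
            findings.append(f"line {n}: {err}")    # never echo the line, it holds the key
            continue
        seen[e["ip"]] = (e["spi"], e["algo"], e["key"])
        if e["algo"] == "md5":
            findings.append(f"line {n}: keyed md5 configured; the guide recommends hmac-md5")
    for ha, ips in ha_groups.items():
        if len({seen[ip] for ip in ips if ip in seen}) > 1:
            findings.append(f"{ha}: addresses do not share one SPI, algorithm and key")
    return findings

KEY = "11 22 33 44 55 66 77 88 99 00 11 22 33 44 55 66"   # example key printed in the guide
SAMPLE = [f"configure ha 15.1.1.1 -spi 1024 -algo md5 -key {KEY}",   # constructed input
          f"configure ha 15.1.2.1 -spi 1024 -key {KEY}",
          f"c h 16.1.1.1 -spi 100 -key {KEY}"]
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, {"ha-a": ["15.1.1.1", "15.1.2.1"]})))
```

In the sample, the second address of ha-a omits -algo and so defaults to hmac-md5, which no longer matches the md5 entry for the first address; the lint reports that mismatch without printing any key material.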