HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

6.1.8 The ipsec Service
The ipsec service configures HP-UX IPSec to encrypt and authenticate IP packets between the
compartment IP address and a remote IP address.
6.1.8.1 Input Data
SRP prompts for the following data. You can also specify each value as a variable name and value on the
command line, as described in 13.1 Creating an SRP Compartment or Adding Data to a Compartment.
IPSec peer IP address
The destination, or remote, IP address for the IPSec policies.
Variable Name: ipsec_peer_addr.
Valid Input: An IPv4 address in dotted-decimal notation or an IPv6 address in colon-hexadecimal notation.
Default: None.

IPSec transform
The transform for the IPSec host policy. This must be compatible with the transform configured on the
peer system.
Variable Name: ipsec_transform.
Valid Input:
ESP_AES128_HMAC_SHA1
ESP_AES128_HMAC_MD5
ESP_3DES_HMAC_SHA1
ESP_3DES_HMAC_MD5
ESP_NULL_HMAC_SHA1
ESP_NULL_HMAC_MD5
Default: ESP_AES128_HMAC_SHA1
Note that the ESP_NULL_* transforms provide integrity protection only; the packet payload is not
encrypted. 3DES and HMAC-MD5 are legacy algorithms. Keep the default, ESP_AES128_HMAC_SHA1, unless
the peer system cannot support it.

IPSec preshared key
The preshared key used to authenticate the identity of the IPSec peer. This must match the value
configured on the peer system. Because this key is the only credential that authenticates the peer,
use a long, randomly generated string rather than a word or phrase.
Variable Name: ipsec_psk.
Valid Input: A text string containing 1 to 128 ASCII characters (whitespace is not allowed).
Default: None.
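A pre-flight validator for the three ipsec-service values, added here as an example; it is not part of the HP-UX SRP product or of this guide. It checks each value against the constraints listed above (a dotted-decimal IPv4 or colon-hexadecimal IPv6 peer address, one of the six transforms, a key of 1 to 128 ASCII characters with no whitespace) and, beyond the constraints themselves, warns when the chosen transform is ESP_NULL_* (integrity only, no encryption) or uses the legacy 3DES or HMAC-MD5 algorithms. The function names are the script's own, the sample values are constructed, and the script does not call srp or ipsec_config; run it on the values you intend to pass to srp before you create the compartment.

```shell
#!/bin/sh
# Pre-flight check of the ipsec-service inputs (ipsec_peer_addr,
# ipsec_transform, ipsec_psk) against the constraints documented in the
# SRP guide. Added example, not part of HP-UX SRP; it validates values
# only and never calls srp or ipsec_config.
LC_ALL=C; export LC_ALL   # byte-oriented string handling for the ASCII checks
set -f                    # no pathname globbing on the unquoted splits below

# Return 0 if $1 is an IPv4 address in dotted-decimal notation or an IPv6
# address in colon-hexadecimal notation. Conservative syntax check only:
# IPv4-mapped IPv6 forms such as ::ffff:192.0.2.1 are rejected.
valid_peer_addr() {
    addr=$1
    case "$addr" in
        *.*)
            # IPv4: exactly four decimal octets, each 0-255
            oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
            [ $# -eq 4 ] || return 1
            for octet in "$@"; do
                case "$octet" in ''|*[!0-9]*) return 1 ;; esac
                [ "$octet" -le 255 ] || return 1
            done
            return 0 ;;
    esac
    # IPv6: hex digits and colons only, at least two colons, at most one "::"
    case "$addr" in *:*:*) ;; *) return 1 ;; esac
    case "$addr" in *[!0-9A-Fa-f:]*) return 1 ;; esac
    case "$addr" in *::*::*) return 1 ;; esac
    return 0
}

# Return 0 if $1 is one of the transforms the ipsec service accepts.
valid_transform() {
    case "$1" in
        ESP_AES128_HMAC_SHA1|ESP_AES128_HMAC_MD5|ESP_3DES_HMAC_SHA1|\
        ESP_3DES_HMAC_MD5|ESP_NULL_HMAC_SHA1|ESP_NULL_HMAC_MD5) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if $1 both encrypts and uses a non-legacy integrity algorithm;
# otherwise print why it is questionable and return 1.
strong_transform() {
    case "$1" in
        ESP_NULL_*) echo "warning: $1 authenticates but does not encrypt" ;;
        *_HMAC_MD5) echo "warning: $1 uses HMAC-MD5, a legacy algorithm" ;;
        ESP_3DES_*) echo "warning: $1 uses 3DES, a legacy cipher" ;;
        *) return 0 ;;
    esac
    return 1
}

# Return 0 if $1 is 1-128 printable ASCII characters with no whitespace.
# tr deletes the printable non-space ASCII range 0x21-0x7E; anything left
# over (space, tab, newline, control or non-ASCII byte) is a violation.
valid_psk() {
    psk=$1
    [ ${#psk} -ge 1 ] && [ ${#psk} -le 128 ] || return 1
    rest=$(printf '%s' "$psk" | tr -d '!-~'; printf x)   # trailing x keeps newlines countable
    [ ${#rest} -eq 1 ] || return 1
    return 0
}

# Check all three values; print each problem and return the number found.
# Usage: check_ipsec_inputs PEER_ADDR TRANSFORM PSK
check_ipsec_inputs() {
    problems=0
    valid_peer_addr "$1" || { echo "ipsec_peer_addr: not an IPv4/IPv6 address: $1"; problems=$((problems+1)); }
    valid_transform "$2" || { echo "ipsec_transform: unknown transform: $2"; problems=$((problems+1)); }
    valid_psk "$3"       || { echo "ipsec_psk: must be 1-128 ASCII characters with no whitespace"; problems=$((problems+1)); }
    return $problems
}

# Constructed sample values (not from any real deployment).
if check_ipsec_inputs 192.0.2.10 ESP_AES128_HMAC_SHA1 'Kq9!vT2#mL8pZx4wR7'; then
    strong_transform ESP_AES128_HMAC_SHA1 && echo "inputs OK"
fi
check_ipsec_inputs 192.0.2.300 ESP_NULL_HMAC_MD5 'has a space' || echo "rejected as expected"
strong_transform ESP_NULL_HMAC_MD5 || echo "transform needs review"
```

The IPv6 check is deliberately loose (it does not count hextets), since the point is to catch typos and whitespace before srp and ipsec_config store a bad value, not to replace the address parsing those tools do themselves.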
6.1.8.2 Configuration Data
SRP adds IPSec configuration data using the ipsec_config utility. IPSec adds the data to the IPSec
database, /var/adm/ipsec/config.db. To view the contents of the IPSec database, use the
ipsec_config or the ipsec_report utility. To modify the contents of the IPSec database, you
must use the ipsec_config utility.
SRP adds the following IPSec configuration data:
A host IPSec policy
The host policy specifies encryption and authentication using the specified transform between
the specified remote IP address and the local (compartment) address. The default HP-UX IPSec
values are used for all other parameters.
An Internet Key Exchange (IKE) policy