HP-UX IPSec A.03.02.02 Release Notes HP-UX 11i version 3 (766158-001, April 2014)

protocol was defined by the Internet Engineering Task Force (IETF) and is used for setting up
a security association (SA) in the IPsec protocol suite. The D-H group 24 is described in RFC
5114. For more information, see the RFC 5114 at the following IETF web page:
http://tools.ietf.org/html/rfc5114
New option for configuration of D-H group 24
The HP-UX IPSec ipsec_config command has been enhanced to allow you to configure
D-H group 24. Specify group 24 with the ipsec_config add ikev1 or ipsec_config
add ikev2 command. HP-UX IPSec also supports configuration of groups 2, 5, and 14.
The following command example configures D-H group 24 for an IKEv1 policy:
%ipsec_config add ikev1 policy_name -remote 192.6.1.1/32 \
-group 24 -hash MD5 -encryption 3DES -pfs OFF
The following command changes the default IKEv1 policy to include D-H group 24:
%ipsec_config add ikev1 default -group 24 \
-hash MD5 -encryption 3DES -pfs OFF
The following command configures D-H group 24 for an IKEv2 policy:
%ipsec_config add ikev2 policy_name -remote 192.6.1.1/32 \
-group 24 -hash MD5 -encryption 3DES -pfs OFF
The following command changes the default IKEv2 policy to include D-H group 24:
%ipsec_config add ikev2 default -group 24 \
-hash MD5 -encryption 3DES -pfs OFF
New and changed features in A.03.00.01
With the A.03.00.01 release of HP-UX IPSec, the ipsec_config add csr command now
supports specifying multiple values (up to 20) for the following types of alternative names for the
subjectAlternativeName field of a certificate:
-alt-ipv4
-alt-fqdn
-alt-user-fqdn
Without this enhancement, if IPSec is being used with the Secure Resource Partitions (SRP) product,
then each SRP would have to use the same ID when authenticating. For more information about
SRP, see the HP-UX Security Manuals web page at the following location:
http://www.hp.com/go/hpux-security-docs (select HP-UX Secure Resource Partitions (SRP) Software)
Revised ipsec_config add csr command syntax
The new command syntax for the command is as follows:
ipsec_config add csr -subj[ect_name] subject_name
[-alt-ipv4 ipv4_addr1 [-alt-ipv4 ipv4_addr2 ... -alt-ipv4 ipv4_addr20]]
[-alt-fqdn fqdn1 [-alt-fqdn fqdn2 ... -alt-fqdn fqdn20]]
[-alt-user-fqdn user_fqdn1 [-alt-user-fqdn user_fqdn2 ... -alt-user-fqdn user_fqdn20]]
[-key_length number_bits] [-days number_days]
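The revised syntax above, as an added example that is not from the HP release notes: a POSIX shell helper that assembles an ipsec_config add csr command line with repeated alternative-name options and rejects more than 20 values per type or a malformed IPv4 address before anything is submitted. The function names, the subject string, and the sample addresses and names are constructed for illustration, and the helper only prints the command; it does not run ipsec_config.

```shell
# Added example (not HP code): assemble an "ipsec_config add csr" command with
# repeated alternative-name options. It only prints the command line.
MAX_ALT=20   # per-type limit stated in the release notes

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
# Assumption: this local sanity check is ours, not ipsec_config's own parser.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# append_alt OPTION [VALUE...]: add "OPTION VALUE" pairs to $cmd.
append_alt() {
    opt=$1; shift
    if [ "$#" -gt "$MAX_ALT" ]; then
        echo "error: $# values for $opt, limit is $MAX_ALT" >&2
        return 1
    fi
    for v in "$@"; do
        if [ "$opt" = "-alt-ipv4" ] && ! is_ipv4 "$v"; then
            echo "error: '$v' is not a valid IPv4 address" >&2
            return 1
        fi
        cmd="$cmd $opt $v"
    done
}

# build_csr_cmd SUBJECT "IPV4 ..." "FQDN ..." "USER_FQDN ..."
# Lists are whitespace-separated; the subshell keeps "set -f" from leaking.
build_csr_cmd() (
    set -f
    cmd="ipsec_config add csr -subject_name \"$1\""
    append_alt -alt-ipv4 $2 || exit 1
    append_alt -alt-fqdn $3 || exit 1
    append_alt -alt-user-fqdn $4 || exit 1
    printf '%s\n' "$cmd"
)

# Constructed sample: one certificate carrying the IDs of two SRPs.
build_csr_cmd "CN=host1.example.com" "192.0.2.10 192.0.2.11" \
    "srp1.example.com srp2.example.com" "admin@srp1.example.com"
```

Review the printed command before pasting it into an HP-UX session; the subject format shown is a placeholder, not a documented value.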
Description of revised ipsec_config add csr command alternative-name options
The following includes specifics about the three alternative-name options:
-alt-ipv4 ipv4_addr Specifies the IPv4 address you want in the
subjectAlternativeName field of the certificate. You can
specify up to 20 IPv4 addresses by repeating the