There are five main configuration areas: IPSec policies, ISAKMP policies,
preshared keys, security certificates (certificates and certificate IDs),
and boot options. Although you can configure these components in any order,
HP recommends that you use the following procedure to configure
IPSec:

1. Start the ipsec_mgr configuration utility.

2. Configure IPSec policies. An IPSec policy specifies the actions or
   transformations performed on IP packets traveling between IPSec systems.
   The main components of an IPSec policy are:

   - IP packet filter (IP address, protocol, and port information)
   - Transform (action) list
   - ISAKMP policy name

   When an IP packet is initially sent or received, HP-UX IPSec
   uses the IP packet filters to select an IPSec policy. IPSec then
   takes an action according to the contents of the transform list.
   If the action is to authenticate or encrypt the packet, the ISAKMP
   policy is used to establish an ISAKMP Security Association (SA),
   so that IPSec SAs can be established for authentication or encryption.

3. Configure ISAKMP policies. An ISAKMP policy defines
   the parameters used when negotiating an ISAKMP SA. These include
   the authentication and encryption algorithms, and the primary authentication
   method such as preshared keys or a certificate-based method, such
   as RSA signatures.

4. Configure the IPSec tunnel, if you are using a tunnel.

5. Configure preshared keys, if you are using preshared keys for IKE
   authentication.

6. Configure security certificates and certificate IDs, if you are using
   RSA signatures for IKE authentication. This procedure is described in
   Chapter 4 “Using Certificates with HP-UX IPSec”.

7. Configure boot-up options. The boot-up options allow you to configure
   HP-UX IPSec to automatically start at system boot-up time and to specify
   general operating parameters.

8. Verify the configuration.

9. Print formatted IPSec and ISAKMP policies.
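
The policy selection flow described above, as an added conceptual model in Python (not HP-UX IPSec code or ipsec_mgr syntax). The policy names, addresses, the action labels `authenticate`, `encrypt` and `pass`, first-match ordering and use of the first transform entry are assumptions made for the example; `audit` flags policies that would need an ISAKMP SA but name no defined ISAKMP policy.

```python
import ipaddress
from dataclasses import dataclass

# Conceptual model only: every name and value here is constructed for
# illustration and is not an ipsec_mgr field or HP-UX IPSec keyword.
@dataclass
class IPSecPolicy:
    name: str
    remote_net: str          # packet filter: peer address or subnet
    protocol: str            # packet filter: "tcp", "udp" or "any"
    port: int                # packet filter: port number, 0 means any
    transforms: list         # transform (action) list
    isakmp_policy: str = ""  # ISAKMP policy name

SECURING = {"authenticate", "encrypt"}  # actions that require IPSec SAs

def select_policy(policies, remote_ip, protocol, port):
    """Return the first policy whose packet filter matches (assumed ordering)."""
    addr = ipaddress.ip_address(remote_ip)
    for p in policies:
        if (addr in ipaddress.ip_network(p.remote_net)
                and p.protocol in ("any", protocol) and p.port in (0, port)):
            return p
    return None

def decide(policies, isakmp_policies, remote_ip, protocol, port):
    """Map a packet to (policy name, action, ISAKMP policy used or None)."""
    p = select_policy(policies, remote_ip, protocol, port)
    if p is None:
        return (None, "no-match", None)
    action = p.transforms[0]  # simplification: first entry is the action
    if action not in SECURING:
        return (p.name, action, None)
    if p.isakmp_policy not in isakmp_policies:
        raise LookupError(f"{p.name}: ISAKMP policy {p.isakmp_policy!r} undefined")
    return (p.name, action, p.isakmp_policy)

def audit(policies, isakmp_policies):
    """List policies that secure traffic but name no defined ISAKMP policy."""
    return [p.name for p in policies
            if SECURING & set(p.transforms) and p.isakmp_policy not in isakmp_policies]

# Constructed sample configuration (documentation address ranges)
ISAKMP = {"ike_psk": {"auth": "preshared key"}}
POLICIES = [
    IPSecPolicy("telnet_secure", "192.0.2.0/24", "tcp", 23, ["encrypt"], "ike_psk"),
    IPSecPolicy("dns_auth", "198.51.100.7/32", "udp", 53, ["authenticate"], "ike_rsa"),
    IPSecPolicy("default", "0.0.0.0/0", "any", 0, ["pass"]),
]
```

Running `audit(POLICIES, ISAKMP)` before enabling a configuration catches the dangling `ike_rsa` reference that `decide` would otherwise only hit when a matching packet arrives.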