HP-UX IPSec version A.01.06 Administrator's Guide: HP-UX 11i Version 2 > Chapter 3 Configuring HP-UX IPSec

Step 3: Configuring the ISAKMP Policy


  1. To create an ISAKMP policy, click Create in the ISAKMP Policy area.

  2. The Create ISAKMP Policy screen appears.

  3. In the Name field, enter a unique name for the ISAKMP policy.

    To modify the parameters for the Default ISAKMP policy, click the Default checkbox.

  4. Enter the Lifetime value in seconds. The default value is 28800 (8 hours). The value must fall between 600 seconds and 43,200 seconds (12 hours).

  5. Enter the Max Quick Modes value. The default value is 100. For perfect forward secrecy (PFS) for keys and identities, enter 1 in the Max Quick Modes field.

    If the value of Max Quick Modes is 1, IKE provides PFS for the IPSec SA keys and the identities of the ISAKMP negotiating parties (and the identities of any parties for which the ISAKMP parties are acting as proxies). With PFS, the exposure of one key permits access only to data protected by that key. When PFS is configured, the IKE daemon creates a new ISAKMP SA for each IPSec SA negotiation and performs a Diffie-Hellman exchange for each IPSec SA negotiation.

  6. Select an Oakley Group. The default group is MODP(1). MODP(1) uses 768 bits for an exponent, while MODP(2) uses 1024 bits. The Oakley Group is sometimes referred to as the Diffie-Hellman group and must match the value configured on the remote system.

  7. Select the appropriate Hash algorithm from the Hash menu. This must match the algorithm configured on the remote system.

  8. Select the appropriate Encryption algorithm from the Encryption menu. This must match the algorithm configured on the remote system.

  9. Select the appropriate Authentication algorithm from the Authentication menu. This must match the algorithm configured on the remote system.

    If you select preshared key, you must configure a preshared key for the remote system, as described in “Step 5: Configuring a Preshared Key”.

    If you select RSA signature, you must configure the local system to use security certificates, as described in Chapter 4 “Using Certificates with HP-UX IPSec”.

  10. Click OK to save the policy and return to the Create IPSec Policy screen.

  11. If you do not want to configure an IPSec tunnel, click OK to save the IPSec policy. Go on to “Step 5: Configuring a Preshared Key” or Chapter 4 “Using Certificates with HP-UX IPSec”. If you do not need to configure a preshared key or a certificate, return to “Step 2A: Configuring the IPSec Policy Filter” to continue configuring IPSec policies, or go to “Step 7: Configuring Boot-up Options”, or click Exit to leave ipsec_mgr. You do not have to go to the ISAKMP policy tab if you have already defined the ISAKMP policy in “Step 3: Configuring the ISAKMP Policy”.

    If you want to configure an IPSec tunnel, go on to “Step 4: Configuring a Tunnel”.
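
The parameter rules in steps 4 through 9, expressed as a check you can run against the values planned for the local and remote systems before entering them in ipsec_mgr. This is an added example, not part of the HP guide or of HP-UX IPSec; the field names and the hash and encryption labels are assumptions.

```python
from dataclasses import dataclass

# Limits and defaults are the ones stated in steps 4-6. Field names and the
# hash/encryption labels are assumptions, not HP-UX identifiers.
LIFETIME_RANGE = (600, 43200)            # seconds
GROUP_BITS = {1: 768, 2: 1024}           # MODP(1), MODP(2)
MUST_MATCH = ("oakley_group", "hash_alg", "encryption", "authentication")


@dataclass(frozen=True)
class IsakmpPolicy:
    name: str
    lifetime: int = 28800                # default from step 4
    max_quick_modes: int = 100           # default from step 5
    oakley_group: int = 1                # default from step 6
    hash_alg: str = "MD5"                # constructed sample value
    encryption: str = "3DES-CBC"         # constructed sample value
    authentication: str = "preshared key"


def local_errors(p):
    """Values that fall outside what the procedure allows."""
    errs = []
    lo, hi = LIFETIME_RANGE
    if not lo <= p.lifetime <= hi:
        errs.append(f"{p.name}: lifetime {p.lifetime}s not in {lo}-{hi}s")
    if p.oakley_group not in GROUP_BITS:
        errs.append(f"{p.name}: unknown Oakley group {p.oakley_group}")
    return errs


def peer_mismatches(local, remote):
    """Fields from steps 6-9 that must be identical on both systems."""
    return [f for f in MUST_MATCH if getattr(local, f) != getattr(remote, f)]


def provides_pfs(p):
    """Step 5: PFS for keys and identities only when Max Quick Modes is 1."""
    return p.max_quick_modes == 1


if __name__ == "__main__":
    # Constructed sample policies for two peers.
    a = IsakmpPolicy("hostA", max_quick_modes=1, oakley_group=2, hash_alg="SHA1")
    b = IsakmpPolicy("hostB", lifetime=86400, authentication="RSA signature")
    print(local_errors(a) + local_errors(b))
    print(peer_mismatches(a, b), provides_pfs(a), provides_pfs(b))
```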

© 2003 Hewlett-Packard Development Company, L.P.