Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home

HP-UX IPSec version A.01.06 Administrator's Guide: HP-UX 11i Version 2
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
   
 

HP Part Number: J4256-90003

Edition: Edition E0703

Published: 07/03

© Copyright 2003 Hewlett-Packard Development Company L.P.

Table of Contents

Preface: About This Document
Intended Audience
New and Changed Documentation in This Edition
Publishing History
What’s in This Document
Typographical Conventions
Related Documents
HP Encourages Your Comments
OpenSSL Copyright Notice
1 HP-UX IPSec Overview
Introduction
Authentication Header (AH)
Transport and Tunnel Modes
Encapsulating Security Payload (ESP)
ESP Encryption
ESP with Authentication and Encryption
Internet Key Exchange (IKE)
IKE Automatic Keying
Security Associations (SAs) and IKE Phases
Re-using Negotiations
Generating Shared Keys: Diffie-Hellman
IKE Primary Authentication
HP-UX IPSec Topologies
End-to-End Topology
End-to-Gateway Topology
End-to-End Tunnel Topology
Gateway-to-Gateway Topology
2 Installing HP-UX IPSec
HP-UX IPSec Product Requirements
Step 1: Verifying HP-UX IPSec Installation and Configuration Prerequisites
Step 2: Completing HP-UX IPSec Worksheets
Step 3: Loading the HP-UX IPSec Software
Step 4: Setting the HP-UX IPSec Password
Re-establishing the HP-UX IPSec Password
3 Configuring HP-UX IPSec
Overview
Step 1: Starting the ipsec_mgr Configuration Utility
Step 2A: Configuring the IPSec Policy Filter
Step 2B: Configuring the IPSec Policy Transform List
Step 2C: Configuring the ISAKMP Policy Name
Step 3: Configuring the ISAKMP Policy
Step 4: Configuring a Tunnel
Step 5: Configuring a Preshared Key
Step 6: Configuring Certificates
Step 7: Configuring Boot-up Options
Step 8: Verifying the Configuration
Step 9: Printing Formatted IPSec and ISAKMP Policies
4 Using Certificates with HP-UX IPSec
Overview
Security Certificates and Public Key Cryptography
Digital Signatures
IKE Public Key Distribution
Requirements
Using VeriSign Certificates
VeriSign Certificate Tasks
Step 1: Verifying Prerequisites
Step 2: Configuring Web Proxy Server Parameters
Step 3: Registering the Administrator
Step 4: Requesting and Receiving Certificates
Using Baltimore Certificates
Baltimore Certificate Tasks
Step 1: Verifying Prerequisites
Step 2: Requesting the Baltimore Certificate
Step 3: Configuring the Baltimore Certificate
Configuring Certificate IDs
Retrieving the Certificate Revocation List (CRL)
VeriSign
Baltimore
Manually Retrieving a CRL for VeriSign or Baltimore
5 Troubleshooting HP-UX IPSec
IPSec Operation
Establishing Security Associations (SAs)
Internal Processing
Troubleshooting Utilities Overview
Troubleshooting Hints
Status Check
Isolating HP-UX IPSec Problems from Upper-layer Problems
Checking Policy Configuration
Configuring HP-UX IPSec Auditing
Reporting Problems
Troubleshooting Scenarios
Autoboot is Not Working Properly
HP-UX IPSec Incorrectly Passes Packets
HP-UX IPSec Incorrectly Attempts to Encrypt/Authenticate Packets
HP-UX IPSec Attempts to Encrypt/Authenticate and Fails
ISAKMP/MM SA Negotiation Fails (Main Mode processing failed, MM negotiation timeout)
ISAKMP Primary Authentication with Preshared Key Fails
ISAKMP Primary Authentication Fails with Certificates
User Cannot Get a Local VeriSign Certificate
ISAKMP/MM SA Negotiation Succeeded, IPSec/QM SA Negotiation Failed (Quick Mode processing failed, QM negotiation timeout)
6 IPFilter and IPSec
IPFilter and IPSec Basics
IPSec UDP Negotiation
When Traffic Appears to be Blocked
Allowing Protocol 50 and Protocol 51 Traffic
IPSec Gateways
7 HP-UX IPSec and Linux
Limitations of HP-UX IPSec Interoperating with Linux FreeSwan
Configuration Example
A Product Specifications
IPSec RFCs
Product Restrictions
ISAKMP Limitations
IPv4 ICMP Messages
IPv6 ICMP Messages
B HP-UX IPSec Configuration Examples
Example 1: telnet Between Two Systems
Apple System Configuration
Banana System Configuration
Example 2: Authenticated ESP with Exceptions
Carrot IPSec Policies
C HP-UX IPSec Configuration Worksheets
IPSec Policy Worksheet
ISAKMP Policy Worksheet
Preshared Keys Worksheet
VeriSign Certificate Worksheet
Baltimore Certificate Worksheet
D Configuration Reference
Configuration Reference
Name
Exclusive
Policy Type
Filters
Transform List
ISAKMP Policy Name
Certificate ID Types and Values
E Troubleshooting Tools Reference
ipsec_admin
ipsec_report
Examples
ipsec_policy
Glossary
Index

List of Figures

1-1 Symmetric Key Authentication
1-2 AH in Transport Mode
1-3 AH in Tunnel Mode
1-4 Symmetric Key Cryptosystem
1-5 ESP Encryption in Transport Mode
1-6 ESP in Tunnel Mode
1-7 Authenticated ESP
1-8 Nested ESP in AH
1-9 SA Establishment
1-10 Diffie-Hellman Key Generation
1-11 IPSec End-to-End Topology
1-12 End Host-to-Gateway (VPN) Topology
1-13 End-to-Gateway IPSec Topology
1-14 End-to-End Tunnel Topology
1-15 IPSec Gateway-to-Gateway Topology
4-1 VeriSign Symmetric Key Cryptosystem
5-1 Title not available (Establishing Security Associations (SAs) )
5-2 Outbound Processing
6-1 IPFilter and IPSec
6-2 Scenario One
6-3 Scenario Two
6-4 Scenario Three
6-5 Packet with Unencrypted TCP Data
6-6 Packet with IPSec-Encrypted TCP Data
6-7 Scenario Four
B-1 Example 1: telnet AB
B-2 Example 1: telnet BA
B-3 Example 2: Network IPSec Policy with Exceptions

List of Tables

Publishing History Details
5-1 HP-UX IPSec Tasks and Utilities
A-1 Title not available (IPSec RFCs)
C-1 Title not available (IPSec Policy Worksheet)
C-2 Title not available (IPSec Policy Worksheet)
C-3 Title not available (IPSec Policy Worksheet)
C-4 Title not available (IPSec Policy Worksheet)
C-5 Title not available (IPSec Policy Worksheet)
C-6 Title not available (IPSec Policy Worksheet)
C-7 Title not available (ISAKMP Policy Worksheet)
C-8 Title not available (ISAKMP Policy Worksheet)
C-9 Title not available (Preshared Keys Worksheet)
C-10 Title not available (Preshared Keys Worksheet)
C-11 Title not available (VeriSign Certificate Worksheet)
C-12 Title not available (VeriSign Certificate Worksheet)
C-13 Title not available (VeriSign Certificate Worksheet)
C-14 Title not available (VeriSign Certificate Worksheet)
C-15 Title not available (VeriSign Certificate Worksheet)
C-16 Title not available (Baltimore Certificate Worksheet)
C-17 Title not available (Baltimore Certificate Worksheet)
D-1 Title not available (Comparative Key Lengths)
   


Preface: About This Document  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2003 Hewlett-Packard Development Company, L.P.