 |
» |
|
|
|
A- Advanced Encryption Standard
- (see AES)
- advanced troubleshooting, Internal Processing
- AES (Advanced Encryption Standard), ESP Encryption, Glossary
- Linux interoperability, Linux FreeSwan
- AH (Authentication Header)
- algorithms, Authentication Header (AH), Authentication Algorithms
- configuring in host IPSec policies, -action
- configuring in tunnel IPSec policies, -action transform_list
- definition, Glossary
- description, Authentication Header (AH)
- negotiation, Establishing Security Associations (SAs)
- processing, Inbound Data
- RFC, IPSec RFCs
- asymmetric
key, Security Certificates and Public Key Cryptography
- public/private, Glossary
- audit file, ISAKMP/MM SA Negotiation Succeeded, IPSec/QM SA Negotiation Fails (Quick Mode processing failed, QM negotiation timeout)
- determining the name of current, Viewing and Configuring Audit Information
- audit level
- changing, Troubleshooting Utilities Overview
- default, Configuring HP-UX IPSec Auditing
- auditing, Troubleshooting Utilities Overview, Configuring HP-UX IPSec Auditing
- authenticated ESP (Encapsulating Security
Payload), Authenticated ESP
- authentication, Glossary
- algorithms, Authentication Header (AH), Authentication Algorithms
- IKE primary, IKE Primary Authentication
- methods, IKE Primary Authentication
- with ESP (Encapsulating Security Payload), Authenticated ESP
- authentication algorithm
- configuring in IKE policies, -hash MD5|SHA1
- Authentication Header
- (see AH)
- authentication records
- configuring, ipsec_config add auth Syntax
C- Care-of Address (Mobile IPv6)
- defined, Care-of Address
- certificate authority (CA), Overview
- defined, Glossary
- Certificate Revocation List (CRL), Security Certificates, Glossary
- Baltimore, Baltimore
- retrieval, Retrieving the Certificate Revocation List (CRL)
- VeriSign, Overview, VeriSign
- certificates, Security Certificates
- Baltimore, Using Baltimore Certificates
- configuring Baltimore certificates, Using Baltimore Certificates
- configuring IKE ID information, Configuring Authentication Records with IKE IDs
- configuring VeriSign certificates, Overview
- definition, Security Certificates, Glossary
- how they work, Security Certificates
- ID types accepted, ISAKMP Limitations
- IPv6 with, ISAKMP Limitations
- troubleshooting, Problem
- troubleshooting VeriSign, Problem
- VeriSign, Overview
- clear text
- configuring in host IPSec policies, -action
- processing, Inbound Data
- components, Configuration Overview
- configuration
- examples
- host-to-gateway, Example 3: Host to Gateway
- manual keys, Example 4: Manual Keys
- Mobile IPv6, Mobile IPv6 Configuration Example
- preshared keys, Example 1: telnet Between Two Systems
- telnet, Example 1: telnet Between Two Systems
- configuring
- auditing, Configuring HP-UX IPSec Auditing
- authentication records, Step 4: Configuring Preshared Keys Using Authentication Records
- bypass list, Step 6: Configuring the Bypass List (Local IPv4 Addresses)
- certificates, Step 3: Configuring the Baltimore Certificate
- gateway IPSec policies, Understanding Gateway IPSec Policies
- GUI display requirements, Step 2: Configuring Web Proxy Server Parameters, Step 3: Configuring the Baltimore Certificate
- host IPSec policies, ipsec_config add host Syntax
- IKE policies, Step 3: Configuring IKE Policies
- manual keys, Using Manual Keys
- pre-shared keys, Step 4: Configuring Preshared Keys Using Authentication Records
- prerequisites, Step 1: Verifying HP-UX IPSec Installation and Configuration Prerequisites
- startup options, ipsec_config add startup Syntax
- tunnel IPSec policies, Step 2: Configuring Tunnel IPSec Policies
- VeriSign certificates, Step 4: Requesting and Receiving Certificates
- Correspondent Node (Mobile IPv6)
- defined, Correspondent Nodes
- CRL
- (see Certificate Revocation List)
- CRON
job, Retrieving the Certificate Revocation List (CRL)
- cron(1M), Retrieving the Certificate Revocation List (CRL)
D- daemons
- IPSec, Troubleshooting Procedures
- Data Encryption Standard
- (see DES)
- DES (Data Encryption Standard), ESP Encryption, Glossary
- RFC, IPSec RFCs
- Diffie-Hellman, Security Associations (SAs) and IKE Phases, Re-using Negotiations, ISAKMP/MM SA Negotiation Fails (Main Mode processing failed, MM negotiation timeout), Glossary
- group, Glossary
- configuring in IKE policies, -group 1|2
- digital signature, IKE Primary Authentication
- disk requirements, Disk Requirements
- DISPLAY environment variable, Step 2: Configuring Web Proxy Server Parameters, Step 3: Configuring the Baltimore Certificate
E- Encapsulating
Security Payload
- (see ESP)
- encryption
- algorithms, ESP Encryption, Encryption Algorithms
- configuring in IKE policies, -encryption encryption_algorithm
- definition, Glossary
- keys, Establishing Security Associations (SAs)
- Linux interoperability, Linux FreeSwan
- encryption keys
- generating, Using the HP-UX Strong Random Number Generator
- end-to-end topology
- (see host-to-host topology)
- end-to-gateway topology
- (see host-to-gateway topology)
- ESP (Encapsulating Security Payload)
- algorithms, ESP Encryption, Encryption Algorithms
- configuring in host IPSec policies, -action
- configuring in tunnel IPSec policies, -action transform_list
- definition, Glossary
- negotiation, Establishing Security Associations (SAs)
- processing, Inbound Data
- RFC, IPSec RFCs
- tunnel mode, Tunnel Mode
- with authentication, ESP with Authentication and Encryption
H- hash
- symmetric key
- description, Authentication Header (AH)
- hash algorithm
- configuring in IKE policies, -hash MD5|SHA1
- Home Address (Mobile IPv6)
- defined, Mobile Node and Home Address
- Home Agent (Mobile IPv6)
- defined, Home Agents and Basic Operation
- host IPSec policies
- configuring, ipsec_config add host Syntax
- default, default Host IPSec Policy
- examples, Host IPSec Policy Configuration Examples
- host-to-gateway topology, Host-to-Gateway Topology
- configuration example, Example 3: Host to Gateway
- host-to-host
topology, Host-to-Host Topology
- host-to-host
tunnel topology, Host-to-Host Tunnel Topology
I- ICMP messages
- common messages used, IPv4 ICMP Messages
- discarding with IPv4, IPv4 ICMP Messages
- ICMPv6 messages, IPv6 ICMP Messages
- ID payload, Configuring IKE ID Information with Preshared Keys, Configuring Authentication Records with IKE IDs, ISAKMP Limitations
- IKE (Internet Key Exchange)
- defined, Introduction
- description, Internet Key Exchange (IKE)
- ID
- configuring for certificates, Configuring Authentication Records with IKE IDs
- policies
- examples, ipsec_config add IKE Command Examples
- protocol, Glossary
- public key distribution, IKE Public Key Distribution
- RFC, IPSec RFCs
- installing
- loading software, Step 2: Loading the HP-UX IPSec Software
- prerequisites, Step 1: Verifying HP-UX IPSec Installation and Configuration Prerequisites
- verifying, Step 8: Committing the Batch File Configuration and Verifying Operation
- Internet Control Message
Protocol messages. (see ICMP messages)
- Internet Key Exchange (see IKE)
- Internet Security Association
and Key Management Protocol
- (see ISAKMP)
- interoperability
- IPFilter, IPFilter and IPSec Basics
- IP
- protocol 50 and 51 for IPSec, Allowing Protocol 50 and Protocol 51 Traffic
- IP address
- configuring in host IPSec policies, -source and -destination ip_addr[/prefix[/port_number|service_name]]
- configuring in IKE policies, -remote ip_addr[/prefix]
- IPFilter
- allowing IPSec traffic through the firewall, When Traffic Appears to be Blocked
- bidirectional configuration for IPSec, IPSec UDP Negotiation
- blocked traffic, When Traffic Appears to be Blocked
- configuration for IPSec IKE negotiation, IPSec UDP Negotiation
- debugging blocked IPSec traffic, When Traffic Appears to be Blocked
- IPSec gateway, IPSec Gateways
- use with IPSec, IPFilter and IPSec Basics
- IPSec
- daemons, Troubleshooting Procedures
- operation, IPSec Operation
- overview, Introduction
- RFCs, IPSec RFCs
- SA, Establishing Security Associations (SAs)
- Security Association, Outbound Data
- IPSec Manager
- launching, Step 2: Configuring Web Proxy Server Parameters, Step 3: Configuring the Baltimore Certificate
- IPSec password, Step 3: Setting the HP-UX IPSec Password
- IPSec policy
- configuring
- overview, Configuration Overview
- default, default Host IPSec Policy
- definition, Glossary
- selection process, Policy Order and Selection, Policy Order and Selection
- ipsec_admin, Step 3: Setting the HP-UX IPSec Password, Step 8: Committing the Batch File Configuration and Verifying Operation, Troubleshooting Utilities Overview, Configuring HP-UX IPSec Auditing
- -auditlvl option, Viewing and Configuring Audit Information
- -status option, Getting General Information
- to change audit directory, Viewing and Configuring Audit Information
- to change audit level, Viewing and Configuring Audit Information
- to get HP-UX IPSec status, Getting General Information
- ipsec_config add auth
- examples, Authentication Record Configuration Examples, Examples
- syntax, ipsec_config add auth Syntax, Syntax
- ipsec_config add bypass
- example, Bypass Configuration Example
- syntax, ipsec_config add bypass Syntax
- ipsec_config add
gateway
- syntax for Mobile IPv6, Syntax
- ipsec_config add host
- examples, Host IPSec Policy Configuration Examples
- syntax, ipsec_config add host Syntax
- ipsec_config add ike
- examples, ipsec_config add IKE Command Examples
- syntax, ipsec_config add ike Syntax
- ipsec_config add startup
- syntax, ipsec_config add startup Syntax
- ipsec_config add tunnel
- examples, Tunnel IPSec Policy Configuration Example
- ipsec_config tunnel
- syntax, ipsec_config add tunnel Syntax
- ipsec_mgr, Overview
- launching, Step 2: Configuring Web Proxy Server Parameters, Step 3: Configuring the Baltimore Certificate
- ipsec_policy, Troubleshooting Utilities Overview, Checking Policy Configuration
- to test which IPSec policy matches packet, Getting Policy Information
- ipsec_report, Step 8: Committing the Batch File Configuration and Verifying Operation, Troubleshooting Utilities Overview, Troubleshooting Procedures, ISAKMP/MM SA Negotiation Fails (Main Mode processing failed, MM negotiation timeout)
- IPv6
- certificates, Step 1: Verifying Prerequisites
- documentation, Configuration Example
- ICMPv6 messages, IPv6 ICMP Messages
- overview, Limitations of HP-UX IPSec Interoperating with Linux FreeSwan
- ISAKMP, Internet Key Exchange (IKE)
- ID payload, Configuring IKE ID Information with Preshared Keys, Configuring Authentication Records with IKE IDs, ISAKMP Limitations
- limitations, Product Restrictions
- protocol, Glossary
- RFC, IPSec RFCs
- SA, Establishing Security Associations (SAs)
- establishing, Outbound Data
- negotiation failure, ISAKMP/MM SA Negotiation Fails (Main Mode processing failed, MM negotiation timeout)
- reporting, Checking Status
- ISAKMP SA
- definition, Configuration Overview
- ISAKMP/Main
Mode Security Association (ISAKMP/MM SA)
- definition, Glossary
K- kernel
- policy engine, Outbound Data
- SA database, Outbound Data
- key
- asymmetric, Security Certificates and Public Key Cryptography
- lengths, Comparative Key Lengths
- management using IKE, Internet Key Exchange (IKE)
- private, Public Key Distribution
- public, Security Certificates and Public Key Cryptography, Public Key Distribution
- shared, Authentication Header (AH), ESP Encryption, IKE Preshared Key Authentication, Re-using Negotiations
- symmetric, ESP Encryption
- keying, dynamic, Security Associations (SAs) and IKE Phases
L- lifetime kilobytes
- configuring in host IPSec policies, lifetime_kbytes
- configuring in tunnel IPSec policies, lifetime_kbytes
- lifetime seconds
- configuring in host IPSec policies, lifetime_seconds
- configuring in IKE policies, -life lifetime_seconds
- configuring in tunnel IPSec policies, lifetime_seconds
- lifetimes, ISAKMP/MM SA Negotiation Succeeded, IPSec/QM SA Negotiation Fails (Quick Mode processing failed, QM negotiation timeout), Transform Lifetime Negotiation
- link errors, HP-UX IPSec Attempts to Encrypt/Authenticate and Fails
- Linux
- AES (Advanced Encryption Standard), Linux FreeSwan
- encryption options, Linux FreeSwan
- lKE policies
- configuring, ipsec_config add ike Syntax
- loading software, Step 2: Loading the HP-UX IPSec Software
- lSAKMP parameters
- (see IKE policies)
M- MAC, Glossary
- Main Mode (MM)
- defined, Security Associations (SAs) and IKE Phases, Glossary
- manual keys
- configuration example, Example 4: Manual Keys
- configuring, Using Manual Keys
- defined, Introduction
- definition, Glossary
- syntax for Mobile IPv6, -in and -out manual_key_sa_specification
- MC/ServiceGuard
- port numbers and protocols, Summary: MC/ServiceGuard Port Numbers and Protocols
- using with HP-UX IPSec, Introduction
- MD5
- RFC, IPSec RFCs
- Mobile
IPv6
- configuring HP-UX IPSec for, Configuration Procedure
- configuring MIPV6 flag in host IPSec policies, ipsec_config add host Flags
- Mobile Node (Mobile IPv6)
- defined, Mobile Node and Home Address
P- PASS
- configuring in host IPSec policies, -action
- password
- re-establishing if forgotten, Re-establishing the HP-UX IPSec Password
- setting, Step 3: Setting the HP-UX IPSec Password
- patch dependencies, Step 1: Verifying HP-UX IPSec Installation and Configuration Prerequisites
- Perfect Forward Secrecy (PFS)
- configuring in IKE policies, -maxqm max_quick_modes
- defined, Re-using Negotiations, Glossary
- restrictions, Product Restrictions
- PFS
- (see Perfect Forward Secrecy)
- policy
- definition, Glossary
- manager daemon, Outbound Data
- port number
- configuring in host IPSec policies, -source and -destination ip_addr[/prefix[/port_number|service_name]]
- Prefix Discovery (Mobile
IPv6)
- defined, Prefix Discovery Packets Between the Home Agent and Mobile Node
- preshared keys, IKE Primary Authentication
- configuring, ipsec_config add auth Syntax
- configuring as an authentication method in IKE policies, -authentication authentication_type
- definition, Glossary
- primary authentication
- configuring in IKE policies, -authentication authentication_type
- priority
- configuring in host IPSec policies, Automatic Priority Increment, -priority priority_number
- configuring in IKE policies, -priority priority_number
- product limitations, Product Restrictions
- ISAKMP, Product Restrictions
- product requirements, HP-UX IPSec Product Requirements
- disk, Disk Requirements
- protocol
- configuring in host IPSec policies, -protocol protocol_id
- proxy identifiers
- configuring in tunnel IPSec policies, -source and -destination ip_addr[/prefix[/port_number|service_name]]
- proxy
server
- configuration, Step 2: Configuring Web Proxy Server Parameters
- public key, IKE Primary Authentication, Security Certificates and Public Key Cryptography
S- SA
- (see Security Association)
- Security Association, Security Associations (SAs) and IKE Phases, Step 8: Committing the Batch File Configuration and Verifying Operation, Outbound Data, Getting SA Information, Glossary
- negotiation, Establishing Security Associations (SAs)
- security certificates
- configuring as an authentication method in IKE policies, -authentication authentication_type
- Security Parameters Index
- (see SPI)
- service name
- configuring in host IPSec policies, -source and -destination ip_addr[/prefix[/port_number|service_name]]
- session-based
keying
- configuring in host IPSec policies, ipsec_config add host Flags
- SHA1
- RFC, IPSec RFCs
- shared key, Authentication Header (AH), ESP Encryption
- shared keys, Re-using Negotiations
- single-user mode, Step 2: Loading the HP-UX IPSec Software
- SKEME, Internet Key Exchange (IKE)
- software
- loading, Step 2: Loading the HP-UX IPSec Software
- SPI
(Security Parameters Index), Step 8: Committing the Batch File Configuration and Verifying Operation
- configuring for manual keys, -in and -out manual_key_sa_specification
- processing, Outbound Data
- startup options
- configuring, ipsec_config add startup Syntax
- status
- report, Step 8: Committing the Batch File Configuration and Verifying Operation
- verifying, Troubleshooting Procedures
- subnets
- configuring policies for
- ICMP messages, IPv4 ICMP Messages
- swinstall(1M), Step 2: Loading the HP-UX IPSec Software
- swlist(1M), Step 1: Verifying HP-UX IPSec Installation and Configuration Prerequisites
- symmetric key, ESP Encryption
T- tools survey, Troubleshooting Utilities Overview
- topologies, HP-UX IPSec Topologies
- gateway-to-gateway, Gateway-to-Gateway Topology
- host-to-gateway, Host-to-Gateway Topology
- host-to-host, Host-to-Host Topology
- host-to-host tunnel, Host-to-Host Tunnel Topology
- tracing
- disabling, Troubleshooting Utilities Overview
- enabling, Troubleshooting Utilities Overview
- layer 4, Isolating HP-UX IPSec Problems from Upper-layer Problems, Reporting Problems
- transform
- action, Outbound Data
- configuring in host IPSec policies, -action
- configuring in tunnel IPSec policies, -action transform_list
- definition, Glossary
- discard, Step 8: Committing the Batch File Configuration and Verifying Operation
- ipsec operation, Establishing Security Associations (SAs)
- list, ISAKMP/MM SA Negotiation Succeeded, IPSec/QM SA Negotiation Fails (Quick Mode processing failed, QM negotiation timeout)
- pass, Step 8: Committing the Batch File Configuration and Verifying Operation
- verify, Step 8: Committing the Batch File Configuration and Verifying Operation
- transport mode, Transport Mode
- AH (Authentication Header), Transport Mode
- troubleshooting
- advanced, Internal Processing
- hints, Troubleshooting Procedures
- ipsec, IPSec Operation
- scenarios, Checking Status
- tunnel
- addresses
- configuring in tunnel IPSec policies, -tsource and -tdestination tunnel_address
- configuring in host IPSec policies, -tunnel tunnel_policy_name
- host-to-host topology, Host-to-Host Tunnel Topology
- IPSec policies
- configuring, ipsec_config add tunnel Syntax
- examples, Tunnel IPSec Policy Configuration Example
- mode
- AH (Authentication Header), Tunnel Mode
- ESP (Encapsulating Security Payload), Tunnel Mode
V- verifying the installation, Step 8: Committing the Batch File Configuration and Verifying Operation
- VeriSign
- and ipsec_mgr, Overview
- certificate request, Step 4: Requesting and Receiving Certificates
- configuration, Overview
- CRL, VeriSign
- OnSite
- administrator, Step 1: Verifying Prerequisites
- PKI
- architecture, Overview
- PKI components, Overview
- prerequisites, Step 1: Verifying Prerequisites
- proxy server
- configuration, Step 2: Configuring Web Proxy Server Parameters
- registering the Administrator, Step 3: Registering the Administrator
- troubleshooting, Problem
- VPN
- host-to-gateway topology, Host-to-Gateway Topology
|
Printable version
