HP UX IPSec Software manual Configuring a Windows Host-to-Host Policy, Tunnel Settings

Page 14

Tunnel Settings

The tunnel settings specify if the rule is a tunnel rule. If it is a tunnel rule, the settings also specify the tunnel destination endpoint.

Connection Type

The connection type specifies the connection (link) types for the rule, such as LAN.

General

The general parameters for a policy specify IKE SA parameters, such as the IKE encryption algorithm, IKE hash (integrity algorithm), Diffie-Hellman Group, and IKE SA key lifetimes. The parameters correspond to IKE SA proposals. You can configure multiple IKE SA proposals and specify the preference order. The proposals are used for all rules in the policy.

By comparison, a minimal HP-UX IPSec configuration consists of one or more IPsec host policies, one or more IKE policies, and one or more authentication records. The IPsec host policies specify address filters, and you can configure separate IKE policies for each peer. “Comparing HP-UX and Windows IPsec Configuration Parameters” (page 40) lists IPsec configuration parameters and how they are configured in the HP-UX IPSec and the Windows IP Security configuration utilities.

Configuring a Windows Host-to-Host Policy

This section describes one method for configuring host-to-host policy on a Windows XP client using the IP Security Policies snap-in utility. Windows also supports command-line utilities to configure IP Security policies: ipseccmd on Windows XP systems and netsh on Windows 2003 systems. For more information about these utilities, see the Windows documentation set.

To use this method, complete the following steps:

1. Start the IP Security Policies snap-in utility. See “Step 1: Starting the IP Security Policies Snap-in Configuration Utility” (page 15).

2. Create an IP Security policy. See “Step 2: Creating a Policy” (page 15).

3. Add a rule to the policy. See “Step 3: Adding a Rule” (page 16).

4. Create a Filter List for the rule and configure filters. See “Step 4: Creating the IP Filter List and Filters for the Rule” (page 18).

5. Configure filter actions for the rule. The filter actions contain IPsec transforms or other actions. See “Step 5: Configuring Filter Actions for the Rule” (page 21).

6. Configure the IKE authentication method and preshared key for the rule. See “Step 6: Configuring the IKE Authentication Method and Preshared Key for the Rule” (page 25).

7. Specify the network link (connection) types for the rule. See “Step 7: Configuring the Connection Type for the Rule” (page 26).

8. Modify the IKE SA parameters for the policy. By default, Windows clients will use IKE SA parameters that are compatible with the default HP-UX IPSec parameters. If these parameters are acceptable, you can skip this step. See “Step 8: Modifying IKE Parameters for the Policy” (page 26).

9. Start the IP Security service. The IP Security service must be running before you can assign the new IP Security policy. See “Step 9: Starting the IP Security Service” (page 29).

10. Assign (activate) the new IP Security Policy. See “Step 10: Assigning the IP Security Policy” (page 30).

11. Verify the configuration. See “Step 11: Verifying the Configuration” (page 31).

Because this is a host-to-host rule, we will use the default value for the rule tunnel setting (no tunnel). For information about configuring a tunnel rule and the tunnel setting, see “Configuring a Windows End-to-End Tunnel Policy” (page 33).


UX IPSec Software specifications

HP-UX IPSec Software is an integral component of the HP-UX operating system, providing robust and secure communication capabilities for enterprise environments. As organizations increasingly rely on secure networking solutions, HP-UX IPSec stands out with its comprehensive set of features and technologies designed to safeguard sensitive data.

One of the core characteristics of HP-UX IPSec Software is its implementation of the Internet Protocol Security (IPSec) framework. This technology secures Internet Protocol (IP) communications through authentication and encryption, ensuring the integrity and confidentiality of data transmissions. By leveraging IPSec, HP-UX provides a secure method for connecting remote users and secure sites over untrusted networks, such as the internet.

A notable feature of the HP-UX IPSec Software is its support for both transport and tunnel modes. The transport mode encrypts only the payload of the IP packet, whereas the tunnel mode encapsulates the entire IP packet within a new packet, allowing for secure communications between entire networks. This flexibility enables organizations to tailor their security strategies based on specific use cases and requirements.

HP-UX IPSec also emphasizes interoperability and compliance with industry standards. The software supports various encryption algorithms and authentication methods, including those defined by the Internet Engineering Task Force (IETF). This commitment to open standards ensures that HP-UX can seamlessly integrate with a diverse range of networking infrastructures and security solutions.

In addition to its security features, HP-UX IPSec Software offers administration tools that simplify the configuration and management of IPSec policies. The software includes a user-friendly command-line interface, allowing system administrators to specify security associations and policies efficiently. Moreover, comprehensive logging and monitoring capabilities help organizations keep track of their security posture and detect potential vulnerabilities.

Another essential characteristic of HP-UX IPSec Software is its scalability. Designed to accommodate the needs of both small and large enterprises, it can handle increased loads and adapt to changing security demands without compromising performance.

In conclusion, HP-UX IPSec Software stands as a vital solution for organizations seeking to protect their data transmissions over IP networks. With its core technologies, such as transport and tunnel modes, adherence to industry standards, user-friendly administration tools, and scalability, it provides a formidable layer of security in an increasingly interconnected world. This makes it a preferred choice for enterprises aiming to enhance their network security frameworks.