Introduction

This document contains the following sections:

“Windows IP Security Configuration Overview” (page 13)

This section contains a brief overview of the Windows IPsec configuration parameters and the terminology used in the Windows IPsec configuration utilities.

“Configuring a Windows Host-to-Host Policy” (page 14)

This section describes how to configure IP Security (IPsec) on a Windows client to secure IP packets sent to and received from an HP-UX system in a host-to-host topology.

“Configuring a Windows End-to-End Tunnel Policy” (page 33)

This section describes how to configure IPsec on a Windows client to secure IP packets sent to and received from an HP-UX system in an end-to-end tunnel topology.

“Troubleshooting Tips” (page 38)

This section contains troubleshooting tips.

“Comparing HP-UX and Windows IPsec Configuration Parameters” (page 40)

This section compares how HP-UX and Windows systems configure and use IPsec parameters.

“Related Publications” (page 45)

This section contains a list of related HP-UX and Microsoft publications.

The procedures and examples in this document use preshared keys for IKE authentication. For information about using certificates for IKE authentication with Microsoft Windows, see Using Microsoft Windows Certificates with HP-UX IPSec, available at http://docs.hp.com.

The intended audience for this document is an HP-UX IPSec administrator who is familiar with the HP-UX IPSec product and with the IP Security protocol suite. If you are not familiar with the HP-UX IPSec product, see the appropriate version of the HP-UX IPSec Administrator's Guide, available at http://docs.hp.com.

NOTE: The IP Security protocol suite is often referred to as IPsec. The HP-UX product that implements the IP Security protocol suite is HP-UX IPSec.

Testing Environment

The procedures in this white paper were tested using the following environment:

| Component | Description |
|---|---|
| HP-UX IPSec | Versions A.02.01 and A.02.01.01 |
| Microsoft Windows Client | Windows XP with Service Pack 2 (SP2) |

Known Problem with Windows 2000 SP1 and SP2

For this white paper, HP did not test with Windows 2000 systems. However, there is a known problem with Windows 2000 base systems and Windows 2000 systems with Service Pack 1 (SP1) or Service Pack 2 (SP2). The IP Security module on these systems does not properly process IPSec ESP packets that are fragmented across IP packets and drops these packets. The symptoms vary according to how the applications handle the dropped packets.

This problem is caused by a defect in the Windows 2000 SP1/SP2 software and is fixed in Windows 2000 Service Pack 3 (SP3).
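When troubleshooting against such a client, it helps to confirm whether the traffic actually contains fragmented ESP packets. The following is an added example, not part of the HP white paper: it classifies raw IPv4 packets and counts ESP fragments per flow. The function names are hypothetical, and the sample packets and addresses are constructed for illustration.

```python
import struct

ESP_PROTO = 50        # IP protocol number for ESP
MF_FLAG = 0x2000      # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units

def ipv4_header(src, dst, proto, ident, flags_offset, payload_len):
    """Build a 20-byte IPv4 header (checksum left at 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_offset, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))

def classify(packet):
    """Return 'esp-fragment', 'esp-whole', 'other' or 'malformed' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    flags_offset = struct.unpack("!H", packet[6:8])[0]
    if packet[9] != ESP_PROTO:  # every fragment keeps protocol 50 in its IP header
        return "other"
    fragmented = bool(flags_offset & MF_FLAG) or (flags_offset & OFFSET_MASK) != 0
    return "esp-fragment" if fragmented else "esp-whole"

def fragmented_esp_flows(packets):
    """Map (src, dst) -> number of ESP fragments seen, for flows with at least one."""
    flows = {}
    for pkt in packets:
        if classify(pkt) == "esp-fragment":
            key = tuple(".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
            flows[key] = flows.get(key, 0) + 1
    return flows

# Constructed sample: one ESP datagram split into two fragments, one unfragmented
# ESP packet, and one TCP packet. Addresses are documentation-range placeholders.
SAMPLE = [
    ipv4_header("192.0.2.10", "192.0.2.20", ESP_PROTO, 7, MF_FLAG, 1480) + bytes(1480),
    ipv4_header("192.0.2.10", "192.0.2.20", ESP_PROTO, 7, 185, 100) + bytes(100),
    ipv4_header("192.0.2.20", "192.0.2.10", ESP_PROTO, 8, 0x4000, 120) + bytes(120),
    ipv4_header("192.0.2.10", "192.0.2.20", 6, 9, 0x4000, 40) + bytes(40),
]

if __name__ == "__main__":
    print([classify(p) for p in SAMPLE])
    print(fragmented_esp_flows(SAMPLE))
```

A flow that appears in the result while the Windows 2000 SP1/SP2 peer shows application-level failures is consistent with the defect described above.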


HP-UX IPSec Software specifications

HP-UX IPSec Software is an integral component of the HP-UX operating system, providing robust and secure communication capabilities for enterprise environments. As organizations increasingly rely on secure networking solutions, HP-UX IPSec stands out with its comprehensive set of features and technologies designed to safeguard sensitive data.

One of the core characteristics of HP-UX IPSec Software is its implementation of the Internet Protocol Security (IPSec) framework. This technology secures Internet Protocol (IP) communications through authentication and encryption, ensuring the integrity and confidentiality of data transmissions. By leveraging IPSec, HP-UX provides a secure method for connecting remote users and secure sites over untrusted networks, such as the internet.

A notable feature of the HP-UX IPSec Software is its support for both transport and tunnel modes. The transport mode encrypts only the payload of the IP packet, whereas the tunnel mode encapsulates the entire IP packet within a new packet, allowing for secure communications between entire networks. This flexibility enables organizations to tailor their security strategies based on specific use cases and requirements.

HP-UX IPSec also emphasizes interoperability and compliance with industry standards. The software supports various encryption algorithms and authentication methods, including those defined by the Internet Engineering Task Force (IETF). This commitment to open standards ensures that HP-UX can seamlessly integrate with a diverse range of networking infrastructures and security solutions.

In addition to its security features, HP-UX IPSec Software offers administration tools that simplify the configuration and management of IPSec policies. The software includes a user-friendly command-line interface, allowing system administrators to specify security associations and policies efficiently. Moreover, comprehensive logging and monitoring capabilities help organizations keep track of their security posture and detect potential vulnerabilities.

Another essential characteristic of HP-UX IPSec Software is its scalability. Designed to accommodate the needs of both small and large enterprises, it can handle increased loads and adapt to changing security demands without compromising performance.

In conclusion, HP-UX IPSec Software stands as a vital solution for organizations seeking to protect their data transmissions over IP networks. With its core technologies, such as transport and tunnel modes, adherence to industry standards, user-friendly administration tools, and scalability, it provides a formidable layer of security in an increasingly interconnected world. This makes it a preferred choice for enterprises aiming to enhance their network security frameworks.