Tunnel Settings

The tunnel settings specify if the rule is a tunnel rule. If it is a tunnel rule, the settings also specify the tunnel destination endpoint.

Connection Type

The connection type specifies the connection (link) types for the rule, such as LAN.

General

The general parameters for a policy specify IKE SA parameters, such as the IKE encryption algorithm, IKE hash (integrity algorithm), Diffie-Hellman Group, and IKE SA key lifetimes. The parameters correspond to IKE SA proposals. You can configure multiple IKE SA proposals and specify the preference order. The proposals are used for all rules in the policy.

By comparison, a minimal HP-UX IPSec configuration consists of one or more IPsec host policies, one or more IKE policies, and one or more authentication records. The IPsec host policies specify address filters, and you can configure separate IKE policies for each peer. “Comparing HP-UX and Windows IPsec Configuration Parameters” (page 40) lists IPsec configuration parameters and how they are configured in the HP-UX IPSec and the Windows IP Security configuration utilities.

Configuring a Windows Host-to-Host Policy

This section describes one method for configuring a host-to-host policy on a Windows XP client using the IP Security Policies snap-in utility. Windows also supports command-line utilities to configure IP Security policies: ipseccmd on Windows XP systems and netsh on Windows 2003 systems. For more information about these utilities, see the Windows documentation set.

To use this method, complete the following steps:

1. Start the IP Security Policies snap-in utility. See “Step 1: Starting the IP Security Policies Snap-in Configuration Utility” (page 15).

2. Create an IP Security policy. See “Step 2: Creating a Policy” (page 15).

3. Add a rule to the policy. See “Step 3: Adding a Rule” (page 16).

4. Create a Filter List for the rule and configure filters. See “Step 4: Creating the IP Filter List and Filters for the Rule” (page 18).

5. Configure filter actions for the rule. The filter actions contain IPsec transforms or other actions. See “Step 5: Configuring Filter Actions for the Rule” (page 21).

6. Configure the IKE authentication method and preshared key for the rule. See “Step 6: Configuring the IKE Authentication Method and Preshared Key for the Rule” (page 25).

7. Specify the network link (connection) types for the rule. See “Step 7: Configuring the Connection Type for the Rule” (page 26).

8. Modify the IKE SA parameters for the policy. By default, Windows clients use IKE SA parameters that are compatible with the default HP-UX IPSec parameters. If these parameters are acceptable, you can skip this step. See “Step 8: Modifying IKE Parameters for the Policy” (page 26).

9. Start the IP Security service. The IP Security service must be running before you can assign the new IP Security policy. See “Step 9: Starting the IP Security Service” (page 29).

10. Assign (activate) the new IP Security Policy. See “Step 10: Assigning the IP Security Policy” (page 30).

11. Verify the configuration. See “Step 11: Verifying the Configuration” (page 31).

Because this is a host-to-host rule, we will use the default value for the rule tunnel setting (no tunnel). For information about configuring a tunnel rule and the tunnel setting, see “Configuring a Windows End-to-End Tunnel Policy” (page 33).
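The eleven snap-in steps above, and the IKE SA proposal settings described under “General”, can also be expressed as a script using the netsh command-line utility the manual mentions for Windows 2003. The following batch script is an added example written for this page; it is not part of the HP-UX IPSec manual and was not produced by HP. The policy, rule, filter list and filter action names, the peer address 192.0.2.10 (from the documentation address range), the preshared key placeholder, and the 3DES/SHA1/Diffie-Hellman group 2 proposal are all assumptions chosen for illustration; the manual states that the Windows defaults are already compatible with the HP-UX defaults, so the step 8 line is optional, and the real preshared key must match the one in the HP-UX authentication record for this peer.

```batch
@echo off
REM Added example, not from the HP-UX IPSec manual: the host-to-host snap-in
REM procedure as "netsh ipsec static" commands (Windows Server 2003 netsh).
REM Assumed values: all object names, the peer address 192.0.2.10, the key
REM placeholder, and the 3DES/SHA1/DH group 2 proposal.

REM Step 2: create the policy. IKE main-mode defaults apply until step 8.
netsh ipsec static add policy name="HPUX-HostToHost" description="Host-to-host IPsec to HP-UX peer"

REM Step 4: one filter list holding one mirrored filter: this host <-> the
REM HP-UX peer, any protocol. "mirrored=yes" covers both directions.
netsh ipsec static add filterlist name="HPUX-Filters"
netsh ipsec static add filter filterlist="HPUX-Filters" srcaddr=Me dstaddr=192.0.2.10 protocol=ANY mirrored=yes description="Me to HP-UX peer"

REM Step 5: a filter action that negotiates ESP with 3DES and SHA1.
REM soft=no: never fall back to cleartext if negotiation fails.
REM inpass=no: do not accept unsecured inbound packets while negotiating.
netsh ipsec static add filteraction name="HPUX-RequireESP" action=negotiate qmsecmethods="ESP[3DES,SHA1]" inpass=no soft=no

REM Steps 3, 6 and 7: the rule ties the filter list to the filter action,
REM uses a preshared key instead of Kerberos, applies to all connection
REM types, and (by omitting tunnel=) stays a transport-mode host-to-host rule.
netsh ipsec static add rule name="HPUX-Rule" policy="HPUX-HostToHost" filterlist="HPUX-Filters" filteraction="HPUX-RequireESP" conntype=all kerberos=no psk="REPLACE-WITH-KEY-FROM-HPUX-AUTH-RECORD"

REM Step 8 (optional): IKE SA proposals in preference order, written as
REM ConfAlg-HashAlg-DHGroup; several proposals may be listed separated by spaces.
netsh ipsec static set policy name="HPUX-HostToHost" mmsecmethods="3DES-SHA1-2"

REM Step 9: the IPSEC Services service (PolicyAgent) must run before assignment.
sc start PolicyAgent

REM Step 10: assign (activate) the policy.
netsh ipsec static set policy name="HPUX-HostToHost" assign=yes

REM Step 11: verify the stored policy, generate traffic to the peer, then
REM confirm that IKE (main-mode) and IPsec (quick-mode) SAs were established.
netsh ipsec static show policy name="HPUX-HostToHost" level=verbose
ping -n 2 192.0.2.10
netsh ipsec dynamic show mmsas
netsh ipsec dynamic show qmsas
```

When checking the result, the quick-mode SA listing is the one that proves traffic is actually protected: a main-mode SA alone only shows that IKE authentication with the preshared key succeeded. If the quick-mode list stays empty after the ping, compare the ESP transform in the filter action and the IKE proposal in mmsecmethods against the HP-UX host policy and IKE policy for this peer, since a mismatch on either side is the usual cause.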

14


HP-UX IPSec Software specifications

HP-UX IPSec Software is an integral component of the HP-UX operating system, providing robust and secure communication capabilities for enterprise environments. As organizations increasingly rely on secure networking solutions, HP-UX IPSec stands out with its comprehensive set of features and technologies designed to safeguard sensitive data.

One of the core characteristics of HP-UX IPSec Software is its implementation of the Internet Protocol Security (IPSec) framework. This technology secures Internet Protocol (IP) communications through authentication and encryption, ensuring the integrity and confidentiality of data transmissions. By leveraging IPSec, HP-UX provides a secure method for connecting remote users and secure sites over untrusted networks, such as the internet.

A notable feature of the HP-UX IPSec Software is its support for both transport and tunnel modes. The transport mode encrypts only the payload of the IP packet, whereas the tunnel mode encapsulates the entire IP packet within a new packet, allowing for secure communications between entire networks. This flexibility enables organizations to tailor their security strategies based on specific use cases and requirements.

HP-UX IPSec also emphasizes interoperability and compliance with industry standards. The software supports various encryption algorithms and authentication methods, including those defined by the Internet Engineering Task Force (IETF). This commitment to open standards ensures that HP-UX can seamlessly integrate with a diverse range of networking infrastructures and security solutions.

In addition to its security features, HP-UX IPSec Software offers administration tools that simplify the configuration and management of IPSec policies. The software includes a user-friendly command-line interface, allowing system administrators to specify security associations and policies efficiently. Moreover, comprehensive logging and monitoring capabilities help organizations keep track of their security posture and detect potential vulnerabilities.

Another essential characteristic of HP-UX IPSec Software is its scalability. Designed to accommodate the needs of both small and large enterprises, it can handle increased loads and adapt to changing security demands without compromising performance.

In conclusion, HP-UX IPSec Software stands as a vital solution for organizations seeking to protect their data transmissions over IP networks. With its core technologies, such as transport and tunnel modes, adherence to industry standards, user-friendly administration tools, and scalability, it provides a formidable layer of security in an increasingly interconnected world. This makes it a preferred choice for enterprises aiming to enhance their network security frameworks.