HP UX IPSec Software manual 22

•Security Methods

•General

Select the Security Methods tab, then select Negotiate security. Verify that the following check boxes are not selected:2

•Accept unsecured communication, but always respond using IPSec.

•Allow unsecured communication with non-IPSec-aware computer.

In addition, verify that the Session key perfect forward secrecy (PFS) check box is not selected. (HP-UX does not support session key PFS, also referred to as PFS for keys only. HP-UX supports PFS for keys only in conjunction with PFS for identities. See “Perfect Forward Secrecy (PFS)” (page 43) for more information.)

For example:

Figure 8 Security Methods for Filter Action

Click Add.

The IP Security configuration utility opens the Security Method dialog box (Figure 9):

2.HP-UX IPSec does not have options that are equivalent to these check boxes. If an HP-UX IPsec policy requires IP security, then HP-UX always requires IP security for packets that match the policy and drops any packets that match the policy but are not secured.

22