Table of Contents

About This Document
Typographic Conventions
Introduction
Testing Environment
Known Problem with Windows 2000 SP1 and SP2
Protocol Implementation Differences
Windows IP Security Configuration Overview
Configuring a Windows Host-to-Host Policy
Step 1: Starting the IP Security Policies Snap-in Configuration Utility
Step 2: Creating a Policy
Step 3: Adding a Rule
Step 4: Creating the IP Filter List and Filters for the Rule
Step 5: Configuring Filter Actions for the Rule
Step 6: Configuring the IKE Authentication Method and Preshared Key for the Rule
Step 7: Configuring the Connection Type for the Rule
Step 8: Modifying IKE Parameters for the Policy
Step 9: Starting the IP Security Service
Step 10: Assigning the IP Security Policy
Step 11: Verifying the Configuration
Example
Windows Configuration
HP-UX Configuration
Additional Options
Configuring a Windows End-to-End Tunnel Policy
Outbound Tunnel Rule Requirements
Inbound Tunnel Rule Requirements
Configuring a Tunnel Rule
Outbound Rule
Inbound Rule
Additional Parameters
Troubleshooting Tips
Using IKE Logging on HP-UX Systems
Using IKE Logging on Windows Systems
Additional Windows Troubleshooting Tools
Comparing HP-UX and Windows IPsec Configuration Parameters
Mirrored Filters
Filter Selection
IKE Parameter Selection
IKE SA Key (Master Key) Lifetime Values
HP-UX IKE SA Lifetime Values
Windows IKE SA Lifetime Values
Maximum Quick Modes
Perfect Forward Secrecy (PFS)
IPsec SA Key (Session Key) Lifetime Values
HP-UX IPsec SA Lifetime Values
Windows IPsec SA Lifetime Values
Related Publications