Figure 17 Assigning the IP Security Policy

Step 11: Verifying the Configuration

To verify your configuration, generate traffic that matches the address filter.

On the HP-UX system, enter the following command to verify that the IKE SA and IPsec SAs are established:

ipsec_report -sa

Example

In this example, IPsec secures telnet connections from the Windows system to the HP-UX system, using authenticated ESP.

The Windows system's address is 10.1.1.1.

The HP-UX system's address is 10.2.2.2.

Windows Configuration

The Windows administrator configures and assigns an IP Security policy with the following parameters:

One rule, with the following parameters:

Filter List: One filter, with the following parameters:

Addressing:

Source address: the Windows system's address.

Destination address: the HP-UX system's address.

Mirrored: yes (the Mirrored box is selected). These parameters are shown in Figure 5 (page 19).

Protocol: TCP; source port any, destination port 23 (telnet).

Protocol: TCP

From port: any

To port: 23 (telnet server)

These parameters are shown in Figure 6 (page 20).

Filter Action: Negotiate security, using the default settings for Encryption and Integrity (authenticated ESP using 3DES and SHA1).

Authentication Method: IKE using the preshared key my_preshared_key, as shown in Figure 12 (page 26).

Tunnel Settings: No tunnel (this is the default).

Connection Type: All network connections (this is the default).

General parameters: The general parameters for the policy are set to the default values (four IKE SA proposals, including 3DES encryption, SHA1 integrity and Diffie-Hellman Group 2).
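The following sketch is an added example, not taken from the HP-UX or Windows documentation. It models the mirrored filter from this example to show which test traffic matches it and should therefore cause SAs to appear in the ipsec_report -sa output. The class names, the use of port 0 for "any", and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ANY = 0  # assumption for this sketch: port 0 stands for "any port"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int = 0
    dport: int = 0

@dataclass(frozen=True)
class Filter:
    src: str
    dst: str
    proto: str
    sport: int = ANY
    dport: int = ANY
    mirrored: bool = True

    def _one_way(self, p, src, dst, sport, dport):
        return (ip_address(p.src) == ip_address(src)
                and ip_address(p.dst) == ip_address(dst)
                and p.proto.upper() == self.proto.upper()
                and sport in (ANY, p.sport)
                and dport in (ANY, p.dport))

    def matches(self, p):
        if self._one_way(p, self.src, self.dst, self.sport, self.dport):
            return True
        # Mirrored: the same filter with addresses and ports swapped.
        return self.mirrored and self._one_way(
            p, self.dst, self.src, self.dport, self.sport)

# The filter from the example: Windows -> HP-UX, TCP, any port -> 23, mirrored.
TELNET_FILTER = Filter("10.1.1.1", "10.2.2.2", "TCP", ANY, 23, mirrored=True)

# Constructed sample packets (ephemeral port numbers are arbitrary).
SAMPLES = {
    "telnet request": Packet("10.1.1.1", "10.2.2.2", "TCP", 49152, 23),
    "telnet reply": Packet("10.2.2.2", "10.1.1.1", "TCP", 23, 49152),
    "ssh request": Packet("10.1.1.1", "10.2.2.2", "TCP", 49153, 22),
    "ping": Packet("10.1.1.1", "10.2.2.2", "ICMP"),
    "telnet from HP-UX": Packet("10.2.2.2", "10.1.1.1", "TCP", 50000, 23),
}

def classify(filt=TELNET_FILTER):
    return {name: filt.matches(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:18} {'matches filter' if hit else 'no match'}")
```

A ping or an SSH session between the two systems does not match the filter, so neither is a valid test for Step 11; use a telnet connection from the Windows system to the HP-UX system.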
