Comparing HP-UX and Windows IPsec Configuration Parameters
This section contains Table 1, which compares how
•“IKE Parameter Selection” (page 42)
•“IKE SA Key (Master Key) Lifetime Values” (page 42)
•“Maximum Quick Modes” (page 43)
•“Perfect Forward Secrecy (PFS)” (page 43)
•“IPsec SA Key (Session Key) Lifetime Values” (page 43)
Table 1 IPsec Parameters on Windows and
Parameter | Windows Configuration | Notes | |
Address Filters | Specify them in the Filter | Specify one filter per host, | Windows and |
| List for a rule. The Filter List | tunnel, or gateway policy. | support subnet masks for IP |
| can contain multiple | Use the | addresses and wildcards for |
| address filters. | IP addresses, protocols, and | |
|
| in the ipsec_config add | port numbers. |
|
| host , tunnel, or | |
|
| gateway command. | (page 41) for additional |
|
|
| information. |
IPsec SA Proposals | Specify them in the Filter | Specify them using the | |
| Action for a rule. | encryption using the | |
|
| ipsec_config add | following protocols: |
|
| gateway, host, or tunnel | Advanced Encryption |
|
| command. | Standard (AES), Triple Data |
|
|
| Encryption Standard |
|
|
| (3DES), and Data |
|
|
| Encryption Standard (DES). |
|
|
| Windows XP and Windows |
|
|
| 2000 support 3DES and |
|
|
| DES, but do not support |
|
|
| AES. |
Filter Priority
Maximum IPsec SA Lifetime, measured by time or by data
Tunnel endpoint address
Not applicable. | Specify it using the | |
| (page 42) for additional | |
| the ipsec_config add | information. |
| gateway or host |
|
| command. |
|
Specify it in the Custom | Specify it in the transform | |
Security Methods dialog | specification for the | |
box under the Filter Action | (page 43) for additional | |
for a rule. | ipsec_config add host | information. |
| or tunnel command. |
|
Specify the destination | Specify the endpoints using | |
tunnel endpoint (the | the | (page 41) for additional |
endpoint for the | information. | |
destination) in the Tunnel | arguments of |
|
Settings for a rule. You must | theipsec_config add |
|
configure two | tunnel command. |
|
|
| |
|
|
IKE Authentication Method Specify it in the | Specify it using the |
Authentication Methods for | argument of the |
a rule. | ipsec_config add ike |
| command. |
40