HP UX IPSec Software Comparing HP-UXand Windows IPsec Configuration Parameters

Comparing HP-UX and Windows IPsec Configuration Parameters

This section contains Table 1, which compares how HP-UX and Windows systems configure and store IPsec parameters. It also contains the following subsections, which provide additional comparative information:

•“Mirrored Filters” (page 41)

•“Filter Selection” (page 42)

•“IKE Parameter Selection” (page 42)

•“IKE SA Key (Master Key) Lifetime Values” (page 42)

•“Maximum Quick Modes” (page 43)

•“Perfect Forward Secrecy (PFS)” (page 43)

•“IPsec SA Key (Session Key) Lifetime Values” (page 43)

Table 1 IPsec Parameters on Windows and HP-UX

Parameter	Windows Configuration	HP-UX Configuration	Notes
Address Filters	Specify them in the Filter	Specify one filter per host,	Windows and HP-UX
	List for a rule. The Filter List	tunnel, or gateway policy.	support subnet masks for IP
	can contain multiple	Use the -sourceand	addresses and wildcards for
	address filters.	-destination arguments	IP addresses, protocols, and
		in the ipsec_config add	port numbers.
		host , tunnel, or	See “Mirrored Filters”
		gateway command.	(page 41) for additional
			information.
IPsec SA Proposals	Specify them in the Filter	Specify them using the	HP-UX IPSec supports ESP
	Action for a rule.	-actionargument in the	encryption using the
		ipsec_config add	following protocols:
		gateway, host, or tunnel	Advanced Encryption
		command.	Standard (AES), Triple Data
			Encryption Standard
			(3DES), and Data
			Encryption Standard (DES).
			Windows XP and Windows
			2000 support 3DES and
			DES, but do not support
			AES.

Filter Priority

Maximum IPsec SA Lifetime, measured by time or by data

Tunnel endpoint address

Not applicable.	Specify it using the	See “Filter Selection”
	-priorityargument in	(page 42) for additional
	the ipsec_config add	information.
	gateway or host
	command.
Specify it in the Custom	Specify it in the transform	See “IPsec SA Key (Session
Security Methods dialog	specification for the	Key) Lifetime Values”
box under the Filter Action	-actionargument in the	(page 43) for additional
for a rule.	ipsec_config add host	information.
	or tunnel command.
Specify the destination	Specify the endpoints using	See “Mirrored Filters”
tunnel endpoint (the	the -tsource and	(page 41) for additional
endpoint for the	-tdestination	information.
destination) in the Tunnel	arguments of
Settings for a rule. You must	theipsec_config add
configure two	tunnel command.
uni-directional
(non-mirrored) rules.

IKE Authentication Method Specify it in the	Specify it using the -auth
Authentication Methods for	argument of the
a rule.	ipsec_config add ike
	command.