
HP-UX IPSec

Overview

HP-UX IPSec (J4256AA) provides an infrastructure to allow secure communications (authentication, integrity, confidentiality) over IP-based networks between systems and devices that implement the IPsec protocol suite.

Features and Benefits:

Some of the benefits of HP-UX IPSec are:

  • Adheres to all relevant IPSec standards, including IKEv1 (Internet Key Exchange version 1) and IKEv2 (Internet Key Exchange version 2).
  • Easily adopted and transparent to existing applications. Protects the customer's investment.
  • Demonstrated multi-vendor interoperability.
  • Host-based authentication:
    • Preshared keys
    • Digital certificates
  • Command-line interface (CLI) for policy configuration:
    • Profile file to provide default parameter values that can be modified by the user
    • Flexible rule-based security attribute and access control policy configurations -- allows combinations of IP addresses, prefix lengths, ports, and protocols in specifying security attributes configuration and packet filtering
    • Batch mode for bulk configuration
  • Diagnostic and monitoring tools. Logging and audit trail for accountability and intrusion alerts.
  • Focused on end-system IPSec. HP-UX IPSec can communicate with other end-systems (transport mode) or VPN gateways (tunnel mode).
  • Crypto performance is optimized for HP-UX Integrity processors.

For more information, see HP-UX IPSec documentation.

Click View all to see the product documentation related to IPSec.

The documentation includes release notes, an administrator guide, various types of user and configuration guides, and white papers. For information about the latest releases and new features of HP-UX IPSec, see the appropriate version of the release notes.

What's New in Version A.03.02.02?

The HP-UX IPSec A.03.02.02 release complies with RFC 4868 to support HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 for both IKE and ESP (Encapsulating Security Payload). It also supports the new encryption algorithms AES-CBC-192 and AES-CBC-256, in addition to the AES-CBC-128 transforms (RFC 3602) already supported in version A.03.01.01.

HP-UX IPSec A.03.02.02 has a dependency on the PHNE_43412 patch.

The A.03.02.02 release of HP-UX IPSec introduces the following changes:

  • IKE new algorithms support
  • ESP new algorithm support
  • ipsec_config
  • ipsec_report

For more information, see HP-UX IPSec A.03.02.02 Release Notes.

What's New in Version A.03.01.01?

Features introduced with HP-UX IPSec version A.03.01.01 include the following:

  • Revised requirement for OpenSSL software

HP-UX IPSec A.03.01.01 requires OpenSSL software version A.00.09.08q or later.

For the IKE protocol, HP-UX IPSec now supports the Diffie-Hellman (D-H) group having Transform ID 24. The D-H group 24 is described in RFC 5114. For more information, see RFC 5114 at the following IETF web page:
http://tools.ietf.org/html/rfc5114

The ipsec_config command is enhanced to support configuration of D-H group 24. Specify -group 24 with the ipsec_config add ikev1 or ipsec_config add ikev2 command.
HP-UX IPSec also supports configuration of groups 2, 5, and 14.

For more information about the new configuration feature, including examples, see HP-UX IPSec A.03.01.01 Release Notes.

What's New in Version A.03.00.01?

This version of HP-UX IPSec enhances the ipsec_config add csr command to accept multiple values for the following types of alternative names for the subjectAlternativeName field of a certificate:

  • -alt-ipv4
  • -alt-fqdn
  • -alt-user-fqdn

Without this enhancement, if IPSec is being used with the Secure Resource Partitions (SRP) product, then each SRP would have to use the same ID when authenticating.

For more information about the ipsec_config add csr command, see HP-UX IPSec A.03.00.01 Release Notes.

What's New in Version A.03.00?

HP-UX IPSec version A.03.00 includes the following new features:

  • Support for IKE version 2.

  • Support for multiple-level Public Key Infrastructures (PKIs).

  • Support for PKCS#12 certificates.

    HP-UX IPSec can now import security certificates and private keys created by PKI vendor utilities and encoded using PKCS#12.
  • A "fall back to clear" option to allow clear text packets if the remote system does not respond to IPsec requests or if the remote system initiates traffic in clear text.

  • Supports the new series of IPsec RFCs (IPsec v3), including RFC 4301.

Supported RFCs

HP-UX IPSec conforms to the following IETF standards:

  • RFC 2401 -- Security Architecture for the Internet Protocol
  • RFC 2402 -- IP Authentication Header
  • RFC 2403 -- The Use of HMAC-MD5-96 within ESP and AH
  • RFC 2404 -- The Use of HMAC-SHA-1-96 within ESP and AH
  • RFC 2405 -- The ESP DES-CBC Cipher Algorithm With Explicit IV
  • RFC 2406 -- IP Encapsulating Security Payload (ESP)
  • RFC 2407 -- The Internet IP Security Domain of Interpretation (DOI) for ISAKMP
  • RFC 2408 -- Internet Security Association and Key Management Protocol (ISAKMP)
  • RFC 2409 -- The Internet Key Exchange (IKE)
  • RFC 2410 -- The NULL Encryption Algorithm and its use with IPSec
  • RFC 2411 -- IP Security Document Roadmap
  • RFC 2412 -- The OAKLEY Key Determination Protocol
  • RFC 2451 -- The ESP CBC-Mode Cipher Algorithms
  • RFC 2459 -- Internet X.509 Public Key Infrastructure Certificate and CRL Profile
  • RFC 3602 -- The AES-CBC Cipher Algorithm and Its Use with IPsec
  • RFC 4301 -- Security Architecture for the Internet Protocol
  • RFC 4302 -- IP Authentication Header
  • RFC 4303 -- IP Encapsulating Security Payload (ESP)
  • RFC 4306 -- Internet Key Exchange (IKEv2)
  • RFC 4307 -- Cryptographic Algorithms for Use in the Internet Key Exchange
  • RFC 4835 -- Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH).
  • RFC 5114 -- IKE support for Diffie-Hellman Group 24
  • RFC 4868 -- Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec



    Last modified: April 2014

     
    Additional product information
    Product #: J4256AA
    Version: A.03.02.02
    Software specification:
    HP-UX IPSec A.02.01.01 for HP-UX 11i version 1 B.11.11 (J4256AA_A.02.01.01_HP-UX_B.11.11_32_64.depot)
    HP-UX IPSec A.03.00 for HP-UX 11i version 2 B.11.23 (J4256AA_A.03.00_HP-UX_B.11.23_IA_PA.depot)
    HP-UX IPSec A.03.00.01 for HP-UX 11i version 3 B.11.31 (IPsec_A.03.00.01_HP-UX_B.11.31_IA_PA.depot)
    HP-UX IPSec A.03.01.01 for HP-UX 11i version 3 B.11.31 (IPsec_A.03.01.01_HP-UX_B.11.31_IA_PA.depot)
    HP-UX IPSec A.03.02.02 for HP-UX 11i version 3 B.11.31 (IPsec_A.03.02.02_HP-UX_B.11.31_IA_PA.depot)