HP-UX IPSec

HP-UX IPSec A.02.01.01 provides an infrastructure to allow secure communications (authentication, integrity, confidentiality) over IP networks between systems and devices that implement the IPsec protocol suite.

Some of the benefits of HP-UX IPSec are as follows:

Adheres to all relevant IPSec standards, including IKE (Internet Key Exchange) for automated key generation.
Data privacy and data integrity and authentication.
Application-transparent security.
High-speed encryption, with throughput for encrypted data transmission as high as 91.95 Mb/s in a 100 Mb/s topology.
Dynamic data encryption key management using IKE.
Demonstrated multi-vendor interoperability. HP-UX IPSec interoperates with over 25 other vendor implementations, including Cisco, Microsoft, and Linux.
Host-based authentication using preshared keys and digital certificates.
Support for IPv4 and IPv6.
Support for HP-UX Mobile IPv6.
Support for HP Serviceguard.
Powerful and flexible management utilities:
- Easy-to-use Command-Line Interface (CLI) configuration that supports batch-mode configuration.
- Flexible, packet-based configuration.
- Configuration test utility.
- Diagnostic and monitoring tools; logging and audit trail for accountability and intrusion alerts.
- Host-based IPsec topologies.

HP-UX IPSec is supported on host systems in host-to-host and in host-to-gateway topologies. You can use HP-UX IPSec to provide security in internal networks and to provide Virtual Public Network (VPN) solutions across public Internet communication.

You can also use HP-UX IPSec to secure packets between gateway or proxy application servers that are publicly accessible and backend application servers.

Summary of Change

What’s New for Customers Migrating from HP-UX 11i v1 September 2005?

HP-UX IPSec was not delivered on previous OE releases, but HP-UX IPSec A.02.01.01 was delivered on AR media for HP-UX 11i.

There is no difference in functionality between HP-UX IPSec A.02.01 and HP-UX IPSec A.02.01.01. However, the A.02.01.01 version for HP-UX 11i v3 differs from the A.02.01 and A.02.01.01 versions for 11i as follows:

The software bundle name is now IPsec instead of J4256AA.
There are no dependencies on TOUR or HP-UX Transport patches.

What’s New for Customers Migrating from HP-UX 11i v2 June 2006?

HP-UX IPSec was not delivered on previous OE releases, but HP-UX IPSec A.02.01.01 was delivered on AR media for HP-UX 11i.

The software bundle name is now IPsec instead of J4256AA.
There are no dependencies on TOUR or HP-UX Transport patches.

Impact

Customers using versions of HP-UX IPSec prior to A.02.01 must use the ipsec_migrate utility to migrate configuration data.

Compatibility

Customers using versions of HP-UX IPSec prior to A.02.01 must use the ipsec_migrate utility to migrate configuration data. Customers using security certificates with HP-UX IPSec may need to perform additional migration tasks.

Performance

The HP-UX Performance White Paper (available at http://docs.hp.com) contains performance statistics and information for HP-UX IPSec on HP-UX 11i v2. Customers will experience similar performance on HP-UX 11i v3 systems.

Documentation

For further information, see the following manpages:

ipsec_admin(1M)
ipsec_config(1M)
ipsec_config_add(1M)
ipsec_config_batch(1M)
ipsec_config_delete(1M)
ipsec_config_export(1M)
ipsec_migrate(1M)
ipsec_policy(1M)
ipsec_report(1M)

In addition, see the following documents, available at http://docs.hp.com/en/internet.html#IPSec:

HP-UX IPSec version A.02.01 Administrator’s Guide (J4256-90015)
HP-UX IPSec version A.02.01.01 Release Notes (J4256-90022)
HP-UX IPSec Performance and Sizing White Paper
Using OpenSSL Certificates with HP-UX IPSec A.02.01
HP-UX IPSec version A.02.01 Manpages

Obsolescence

Not applicable.