IKE on Solaris 9

From: lkapoor@hss.hns.com
Date: Mon Aug 25 2003 - 09:46:35 EDT


Hi Admins,

For IKE on Solaris 9, we are configuring the following information in the IKE
configuration file.
------------------------------------------------------------
# The Default Configuration File for IKE Phase 1 Security Associations (SA)
## File Starts ##
##
## Phase 1 Transform Identifiers for Main Mode
##
p1_lifetime_secs 270
p2_lifetime_secs 30000
p1_nonce_len 20
##
## Phase 1 Transform Identifiers for Quick Mode
##
local_id_type ipv4
p2_nonce_len 20
##
## Policy Rules for IKE
{
label "default rule"
local_addr 192.168.212.251
remote_addr 192.168.212.93
p2_lifetime_secs 30000
p2_pfs 0
##
p1_xform
{ auth_method preshared oakley_group 1 auth_alg md5 encr_alg des }
}
##
## File Ends ##

------------------------------------------------------------
Whatever value we set the "p2_lifetime_secs" parameter to, the lifetime in the
final IPsec association created is still always 28,800 seconds (default). Here
is part of the output of the
"ipseckey get esp spi 0xda3b3487 dst 192.168.212.93" command:

------------------------------------------------------------
SLT: 28500 seconds of post-add lifetime.
SLT: 0 seconds of post-use lifetime.
SLT: Soft expiration occurs in 27736 seconds, at Tue Aug 26 01:54:20 2003.
HLT: Hard lifetime information: 0 bytes of lifetime, 0 allocations.
HLT: 28800 seconds of post-add lifetime.
HLT: 0 seconds of post-use lifetime.
HLT: Hard expiration occurs in 28036 seconds, at Tue Aug 26 01:59:20 2003.
------------------------------------------------------------

Best Regards,
Lalit Kapoor
Senior Systems Engineer

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
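
Added example (not part of the original message, and not Sun's code): a POSIX shell check that compares the p2_lifetime_secs configured for a rule with the hard lifetime that ipseckey reports for the resulting SA, which is the comparison the post makes by hand. The function names are hypothetical, the parser assumes one keyword per line as in the posted file, and the sample input is copied from the post.

```sh
#!/bin/sh
# Added example, not from the post; function names are hypothetical.
# configured_p2_lifetime FILE LABEL: rule-level p2_lifetime_secs, else global.
configured_p2_lifetime() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                                  # comment line
        depth == 0 && $1 == "p2_lifetime_secs" { global = $2 }
        depth == 1 && $1 == "p2_lifetime_secs" { rule = $2 }
        depth == 1 && $1 == "label" { label = $0; sub(/^[^"]*"/, "", label); sub(/".*$/, "", label) }
        {
            line = $0                                        # brace nesting
            depth += gsub(/[{]/, "", line) - gsub(/[}]/, "", line)
            if (depth == 0 && label != "") {                 # rule just closed
                if (label == want) { found = 1; val = rule }
                label = ""; rule = ""
            }
        }
        END { if (!found) exit 1; print (val != "" ? val : global) }
    ' "$1"
}
# Read "ipseckey get ..." output on stdin; print the hard post-add lifetime.
effective_hard_lifetime() {
    awk '$1 == "HLT:" && /seconds of post-add lifetime/ { print $2; ok = 1; exit }
         END { if (!ok) exit 1 }'
}
# usage: ipseckey get ... | check_p2_lifetime FILE LABEL  (0 match, 1 mismatch, 2 error)
check_p2_lifetime() {
    want=$(configured_p2_lifetime "$1" "$2") || { echo "rule not found: $2"; return 2; }
    have=$(effective_hard_lifetime) || { echo "no HLT lifetime on stdin"; return 2; }
    [ "$want" = "$have" ] && { echo "OK: rule and SA both use $have s"; return 0; }
    echo "MISMATCH: rule \"$2\" asks for $want s, SA hard lifetime is $have s"; return 1
}
# Sample input copied from the post (config trimmed to the relevant lines).
sample_config() { cat <<'EOF'
p2_lifetime_secs 30000
{
label "default rule"
p2_lifetime_secs 30000
p1_xform
{ auth_method preshared oakley_group 1 auth_alg md5 encr_alg des }
}
EOF
}
sample_sa() { cat <<'EOF'
SLT: 28500 seconds of post-add lifetime.
HLT: 28800 seconds of post-add lifetime.
EOF
}
# Demo: reports the mismatch described in the post.
f=$(mktemp) && sample_config >"$f" && sample_sa | check_p2_lifetime "$f" "default rule" || :; rm -f "$f"
```

On a live host the SA text would come from the ipseckey command quoted in the post instead of sample_sa.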



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:26:58 EDT