Manualshelf

HP-UX IPSec A.02.00.01 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
891011121314151617
HP-UX IPSec Release Notes
Patches and Fixes in This Version
Chapter 116
Event: request OAKLEY_RULE with seq 6, peer ::
Msg: 1101 From: IKMPD Lvl: ERROR Date: Fri Jul 16 13:12:55 2004
Event: Received OAKLEY_RULE for seq 6 but no ISAKMP SA is required.
Existing IPSec/Quick Mode Security Associations (IPSec/QM SAs) will continue to
operate, but any network activity that requires new IPSec/QM SAs will fail and the
application layer will receive a connection timeout error.
JAGaf32504: The IPSec/Quick Mode Security Association (IPSec/QM SA) lifetime range
was not consistent with the range in previous HP-UX IPSec releases.
The ipsec_config utility allowed a minimum value of 600 seconds for IPSec/QM SAs.
The new minimum value is 300 seconds, which is consistent with HP-UX IPSec versions
prior to A.02.00.
JAGaf34581: Preshared or manual key values may be improperly stored if the byte count
is not a multiple of three.
If the byte count of a preshared or manual key is not a multiple of three, the buffer
allocated for the key value is insufficient in the routines used to store the key values in
the configuration database. This may cause incorrect key values to be stored. If incorrect
preshared key values are stored, ISAKMP/Main Mode negotiations will fail and the
HP-UX IPSec audit log will contain a Main Mode process failed message. If incorrect
manual key values are stored, data transmission will fail and the nettl log file will show
STREAMS entries with the message Can't pullup pad/protocol and Padding checks
failed. In both cases, the application layer will receive a connection timeout error.