HP-UX IPSec A.02.00.01 Release Notes
HP-UX IPSec Release Notes
Known Problems and Workarounds
• The lower bound for IPSec SA lifetime seconds (lifetime_seconds) is 600 seconds for
HP-UX IPSec version A.02.00 and 300 seconds for version A.02.00.01.
The range for IPSec SA lifetime_seconds configured in a transform is listed as 0
(infinite), or 600 - 4294967294 seconds on pages 77 and 87 of HP-UX IPSec version
A.02.00 Administrator’s Guide. For release A.02.00.01, the range for lifetime_seconds
of an IPSec transform is 0 (infinite), or 300 - 4294967294 seconds.
• HP-UX IPSec A.02.00.01 does not support Entrust security certificates. As a workaround,
you can use preshared keys, Baltimore UniCert certificates, or VeriSign certificates for
IKE (primary) authentication.
• The ipsec_mgr GUI will not be displayed correctly if the fonts for your X-display are
incorrectly set. To fix this problem, run the following command on your local system:
xset +fp /usr/lib/X11/fonts/iso_8859.1/75dpi/
• Some of the ipsec_mgr screens will not be properly displayed (text and subfields will not
appear) if there are insufficient color resources available in your display environment. If
this occurs, terminate other applications that are using color resources, then exit and
restart ipsec_mgr.
• On rare occasions, the ipsec_mgr GUI will hang even though a request was completed
successfully during VeriSign certificate operations. This is a known problem that results
from network congestion. If this problem occurs, determine the process ID (PID) for the
ipsec_mgr process by entering the following command:
ps -ef | grep ipsec_mgr | grep -v grep
The ipsec_mgr PID is the number in the second column. Kill the ipsec_mgr process by
entering the following command, where pid is the ipsec_mgr PID:
kill -SIGQUIT pid
Killing the process will not corrupt your VeriSign certificate data or affect certificate
processing.
• If you are using DNS, NIS or NIS+ to resolve hostnames to IP addresses and you have an
IPSec policy that discards, encrypts or authenticates packets to the DNS, NIS or NIS+
server, you must make sure that the hostname resolution services are configured as
follows: