HP-UX IPSec A.02.00.01 Release Notes
HP-UX IPSec Release Notes
Known Problems and Workarounds
Chapter 18
—The /etc/nsswitch.conf file must specify files as the first database for resolving
hostnames. You can then specify other sources (such as DNS) as backup databases, as
shown in the example below:
hosts: files [NOTFOUND=continue] dns
—The /etc/hosts file must contain an entry for the local hostname mapped to its IP
address an entry for localhost and loopback mapped to the IP address 127.0.0.1, as
shown in the example below:
192.6.1.1 myhost
127.0.0.1 localhost loopback
Windows 2000 Interoperability Problems
Windows 2000 base systems and Windows 2000 systems with Service Pack 1 (SP1) or Service
Pack 2 (SP2) do not properly process IPSec ESP packets that are fragmented across IP
packets. The Windows 2000 system drops these packets. The symptoms vary according to how
the applications handle the dropped packets.
This problem is caused by a defect in the Windows 2000 SP1/ SP2 software and is fixed in
Windows 2000 Service Pack 3 (SP3).
The above problem typically occurs with ESP-encrypted UDP or ICMP packets that are
fragmented by IP. HP-UX 11i v1 systems minimize IP fragmentation of ESP-encrypted TCP
packets. You may still experience problems with ESP-encrypted TCP packets sent from an
HP-UX system to a Windows 2000 system if an intermediary IP gateway fragments the ESP
packet.