HP-UX IPSec A.02.01.01 Release Notes for HP-UX 11i v1 | HP-UX 11i v2, Update 2
To use a VeriSign CRL, you must retrieve it manually through the VeriSign OnSite web interface,
store it in a local file, and then use the following command to store the file in the
HP-UX IPSec storage scheme:
ipsec_config add crl -file crl_filename
The crl_filename is the name of the local file that contains the CRL retrieved from VeriSign.
Migrating A.01.01 - A.01.03 MD5 Transforms
HP-UX IPSec versions A.01.04 and higher fix a defect in the HP-UX IPSec MD5 algorithm. If you
are using an earlier version of HP-UX IPSec (versions A.01.01 - A.01.03) to communicate with
IPSec version A.01.04 or later and using a transform with MD5, authentication will
intermittently fail, and HP-UX IPSec will drop the packet and report an error.
If you are currently using HP-UX IPSec versions A.01.01 - A.01.03 with any of the following
transforms, you must simultaneously upgrade all your systems to HP-UX IPSec version A.01.04
or higher.
• AH-MD5 transforms
• ESP transforms that are authenticated using MD5:
— ESP-DES-HMAC-MD5
— ESP-3DES-HMAC-MD5
— ESP-AES128-HMAC-MD5
• Nested AH and ESP transforms that use MD5
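The following pre-upgrade audit is an added example, not part of the HP release notes or the HP-UX IPSec product. It flags MD5 policies that would pair an A.01.01 - A.01.03 host with an A.01.04-or-higher host, and lists the older hosts that use MD5 transforms. The inventory format and host names are constructed for the example, and it assumes that every MD5-based transform, including nested ones, has "MD5" in its name.

```shell
#!/bin/sh
# Added example: pre-upgrade audit for the MD5 interoperability defect.
# Input columns (constructed for this example, not an HP-UX IPSec file format):
#   local_host local_version peer_host peer_version transform

# awk helper: "legacy" = A.01.01-A.01.03, "fixed" = A.01.04 and higher.
ERA_FN='function era(v,   p, n, maj, mn) {
    n = split(v, p, ".")
    if (n < 3 || p[1] != "A") return "unknown"
    maj = p[2] + 0; mn = p[3] + 0
    if (maj == 1 && mn >= 1 && mn <= 3) return "legacy"
    if (maj > 1 || (maj == 1 && mn >= 4)) return "fixed"
    return "unknown"
}'

# Print "local peer transform" for each MD5 policy that pairs a legacy host
# with a fixed host: the combination that fails intermittently.
md5_mixed_pairs() {
    awk "$ERA_FN"'
    NF < 5 || $1 ~ /^#/ { next }
    toupper($5) ~ /MD5/ {
        a = era($2); b = era($4)
        if (a != "unknown" && b != "unknown" && a != b) print $1, $3, $5
    }'
}

# Print each legacy host that has at least one MD5 transform: these are the
# systems that must be upgraded to A.01.04 or higher simultaneously.
md5_legacy_hosts() {
    awk "$ERA_FN"'
    NF < 5 || $1 ~ /^#/ { next }
    toupper($5) ~ /MD5/ {
        if (era($2) == "legacy") print $1
        if (era($4) == "legacy") print $3
    }' | sort -u
}

# Constructed sample inventory (host names are hypothetical).
sample_inventory() {
    cat <<'EOF'
# local version  peer version     transform
gw1 A.01.03 gw2 A.01.05    ESP-3DES-HMAC-MD5
gw1 A.01.03 gw3 A.01.02    AH-MD5
gw2 A.01.05 gw4 A.02.01.01 ESP-AES128-HMAC-MD5
gw3 A.01.02 gw4 A.02.01.01 ESP-3DES-HMAC-SHA1
EOF
}

sample_inventory | md5_mixed_pairs
```

An empty result from md5_mixed_pairs means no listed policy currently crosses the A.01.03 / A.01.04 boundary with an MD5 transform.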
Migrating from Versions A.01.01 and A.01.02 to Version A.01.05
If you are migrating from version A.01.01 or A.01.02 and want to reuse your configuration data,
you must use the following procedure to first update to HP-UX IPSec version A.01.05, then
update to version A.02.01.01:
1. Verify that HP-UX IPSec is already configured with a valid IPSec password and configuration
file. To do this, use the ipsec_admin -start command to start HP-UX IPSec. After you
have verified HP-UX IPSec, stop it using the ipsec_admin -stop command.
2. Check the automatic boot-up setting in the ipsec_mgr GUI under the Options menu. If
it is enabled, deselect Boot-up Options.
3. Install HP-UX IPSec version A.01.05.
Note that on HP-UX 11i v1 systems, HP-UX IPSec A.01.05 is not compatible with TOUR or
software releases that incorporate TOUR functionality.
If you need a copy of the HP-UX IPSec A.01.05 product, contact your HP representative.
4. Manually start HP-UX IPSec using the ipsec_admin -start command. This creates data
needed to migrate to newer versions of HP-UX IPSec.
5. Stop HP-UX IPSec using the ipsec_admin -stop command.
You can now migrate from HP-UX IPSec version A.01.05 to A.02.01.01, as described in “Migrating
from Versions A.01.03 - A.01.05” (page 14).