Manualshelf

HP-UX IPSec A.02.01.01 Release Notes for HP-UX 11i v1 | HP-UX 11i v2, Update 2

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
12345678910
This document provides information about the A.02.01.01 release of HP-UX IPSec for HP-UX
11i version 1 (B.11.11) and HP-UX 11i version 2 Update 2 (B.11.23).
Overview
The A.02.01.01 release of HP-UX IPSec contains the following changes:
Defect fixes.
Changes for compatibility with ARPA Transport releases. See “Migration Recommendations
for HP-UX 11i v1 Customers” (page 18) for migration recommendations for HP-UX 11i v1
customers.
HP-UX IPSec
HP-UX IPSec provides transparent encryption for IP-based applications. It also enhances the
privacy of Internet communications. HP-UX IPSec supports PKI-based authentication, rule-based
access control, and the Internet Key Exchange (IKE) protocol. It also serves as a framework for
open standards networking, requires no application modification to take advantage of
network-level security and can be a component of the HP Virtual Private Network (VPN) solution.
New and Changed Features in This Release
New Features
No new features are introduced in HP-UX IPSec version A.02.01.01. For a description of new
features introduced in version A.02.01, the last major release of HP-UX IPSec, see the HP-UX
IPSec version A.02.01 Release Notes (J4256-90016).
Changed Features
There are no changed features.
Known Problems Fixed in This Version
The following table lists the known problems and fixes in this release of HP-UX IPSec.
Table 1 Fixes in HP-UX IPSec A.02.01.01
DescriptionDefect ID
(JAGaf99388) IKE Security Association (SA) negotiations fail when a Sun Solaris system
initiates the negotiations. The audit log shows the following messages:
Invalid SPI size: 8 for ISAKMP protocol.
Error processing SA payload.
Phase 1 MM processing failed.
Resolution: Accept an IKE SA proposal that has an SPI Size field value equal to 8. This
change is necessary to interoperate with Solaris.
SR: 8606441692
(JAGaf99583) Communication using IPsec to a remote system hangs. This occurs
intermittently when the system has second IPsec SA pair established to the remote system
that is long-lived and the second SA pair is re-keyed.
Resolution: Refine the search for the SPI record when deleting SAs.
SR: 8606441905
Overview 7