HP-UX IPSec version A.02.00 Administrator's Guide

Troubleshooting HP-UX IPSec

Chapter 5146

This chapter describes the procedures to troubleshoot HP-UX IPSec

software.

It contains the following sections:

• “IPSec Operation” on page 147

• “Troubleshooting Utilities Overview” on page 155

• “Troubleshooting Procedures” on page 160

• “Reporting Problems” on page 168

• “Troubleshooting Scenarios” on page 170. This section describes the

following problems and how to resolve them:

— “HP-UX IPSec Incorrectly Passes Packets” on page 170

— “HP-UX IPSec Incorrectly Attempts to Encrypt/Authenticate

Packets” on page 172

— “HP-UX IPSec Attempts to Encrypt/Authenticate and Fails” on

page 172

— “ISAKMP/MM SA Negotiation Fails (Main Mode processing

failed, MM negotiation timeout)” on page 174

— “ISAKMP Primary Authentication with Preshared Key Fails” on

page 176

— “ISAKMP Primary Authentication Fails with Certificates” on

page 176

— “ISAKMP/MM SA Negotiation Succeeded, IPSec/QM SA

Negotiation Fails (Quick Mode processing failed, QM negotiation

timeout)” on page 177

— “Manual Keys Fail” on page 178

— “HP-UX Will Not Start (ipsec_admin -start Fails)” on page 181

— “Corrupt or Missing Configuration Database” on page 183

— “Autoboot is Not Working Properly” on page 185

— “Administrator Cannot Get a Local VeriSign Certificate” on

page 185

— “Security Policy Database Limit Exceeded (Kernel Policy Cache

Threshold reached or Kernel Policy Cache Threshold exceeded)”

on page 187