HP-UX IPSec version A.02.00 Administrator's Guide

Troubleshooting HP-UX IPSec
Troubleshooting Scenarios
ISAKMP Primary Authentication with Preshared Key Fails
Problem
ISAKMP primary authentication with preshared key fails.
Symptoms
Output from the ipsec_report -mad command does not show the
ISAKMP/MM SA. The audit log contains a Main Mode process failed
message.
Solution
Verify that the preshared key values match. Use the ipsec_config
show auth command to verify the preshared key configured on the local
system. Check the key format on the remote system (ASCII or hex);
HP-UX IPSec always configures preshared keys as ASCII values. Check
the audit file.
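
The ASCII-versus-hex format check above can be done by comparing key bytes rather than typed strings. The following is an added example, not part of the HP guide; the function names and key values are constructed, and it assumes a peer set to hex format reads the typed string as hex digits (optionally prefixed with 0x).

```shell
#!/bin/sh
# Added example: compare the HP-UX preshared key (always ASCII) with the
# value configured on the remote peer, byte for byte.

# Print the bytes of an ASCII string as lowercase hex digits.
ascii_to_hex() {
    printf '%s' "$1" | od -An -tx1 | tr -d ' \n'
}

# Normalize a hex key: lowercase, drop an optional 0x prefix.
# Fails on empty input, non-hex characters, or an odd number of digits.
normalize_hex() {
    h=$(printf '%s' "$1" | tr 'A-FX' 'a-fx')
    h=${h#0x}
    case "$h" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ $(( ${#h} % 2 )) -eq 0 ] || return 1
    printf '%s' "$h"
}

# psk_compare LOCAL_ASCII REMOTE_VALUE REMOTE_FORMAT
# REMOTE_FORMAT is "ascii" or "hex" (how the remote system stores the key).
# Prints match, mismatch, invalid-hex or unknown-format.
psk_compare() {
    local_hex=$(ascii_to_hex "$1")
    case "$3" in
        ascii) remote_hex=$(ascii_to_hex "$2") ;;
        hex)   remote_hex=$(normalize_hex "$2") || { echo invalid-hex; return 2; } ;;
        *)     echo unknown-format; return 2 ;;
    esac
    if [ "$local_hex" = "$remote_hex" ]; then
        echo match
        return 0
    fi
    echo mismatch
    return 1
}

# Constructed key "a1b2c3d4": the same characters typed on a hex-format peer
# yield 4 key bytes, while HP-UX uses the 8 ASCII bytes, so Main Mode fails.
psk_compare 'a1b2c3d4' 'a1b2c3d4' hex || true
# Value the hex-format peer must be given to match the HP-UX ASCII key:
ascii_to_hex 'a1b2c3d4'; echo
```
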
ISAKMP Primary Authentication Fails with Certificates
Problem
Certificate-based (RSA signature) primary authentication fails.
Symptoms
Output from the ipsec_report -mad command does not show the ISAKMP/MM
SA. The audit log contains a Main Mode processing failed error
message.
Solution
Check the audit file for an expired certificate, revoked certificate, or
certificate encoding problems. Try preshared key authentication.
Run ipsec_mgr and check for a certificate for the remote system in
/var/adm/ipsec/certs.txt (VeriSign) or /var/adm/ipsec/.Bcerts
(Baltimore).