HP-UX IPSec version A.02.00 Administrator's Guide
Troubleshooting HP-UX IPSec
Troubleshooting Scenarios
You may see entries similar to the following, which indicate
mis-matched cryptographic keys in an inbound packet:
24 01:36:26 78194680 1 T.. 0 0 ipsec_ip_rput_local_esp: Can't pullup pad/protocol (1 76 185)
25 01:36:30 78194986 1 T.. 0 0 ipsec_ip_rput_local_esp: Padding checks failed
Examining Additional Audit Entries
Set the HP-UX IPSec audit level to WARNING or higher to see additional
entries for manual key problems. Use the following procedure to search
for manual key audit records.
1. Set the HP-UX IPSec audit level to warning by executing the
following command:
ipsec_admin -auditlvl warning
2. Re-create the manual key problem.
3. Display the contents of the audit file by executing the following
command:
ipsec_report -audit audit_file
4. Examine the output and search for records with the address of the
remote system. You may see entries similar to the following:
Msg: 67 From: SECPOLICYD Lvl: WARNING Date: Thu Jun 10 13:43:07 2004
Event: No SPI for received packet - SPI: hhhh IP addr: 10.1.1.1-10.2.2.2 proto: 50
The above entry indicates mis-matched SPI numbers. Verify the SPI
numbers configured on the remote system. The inbound SPI on the
local system must match the outbound SPI on the remote system,
and the outbound SPI on the local system must match the inbound
SPI on the remote system.
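The search in step 4 and the SPI pairing rule can be scripted. The following is an added example, not part of the HP guide: it filters saved ipsec_report -audit output for "No SPI for received packet" records that name a given peer, tolerating records that wrap across lines, and then applies the inbound/outbound pairing rule to SPI values copied from each system. The function names, the sample records and the SPI values are constructed for illustration.

```python
import re

# Constructed sample in the layout of the audit entry shown above; the SPI
# values, message numbers and the 10.3.3.3 peer are made up for illustration.
SAMPLE_AUDIT = """\
Msg: 67 From: SECPOLICYD Lvl: WARNING Date: Thu Jun 10
13:43:07 2004
Event: No SPI for received packet - SPI: 1a2b IP addr:
10.1.1.1-10.2.2.2 proto: 50
Msg: 68 From: SECPOLICYD Lvl: WARNING Date: Thu Jun 10 13:43:09 2004
Event: No SPI for received packet - SPI: 3c4d IP addr: 10.3.3.3-10.2.2.2 proto: 50
"""

MSG_START = re.compile(r"Msg:\s+(\d+)\s")
NO_SPI = re.compile(
    r"No SPI for received packet - SPI:\s+(?P<spi>[0-9A-Fa-f]+)\s+"
    r"IP addr:\s+(?P<a>[\d.]+)-(?P<b>[\d.]+)\s+proto:\s+(?P<proto>\d+)")

def split_records(text):
    """Re-join wrapped lines; a new record starts at each 'Msg: <n>' line."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if MSG_START.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def no_spi_events(text, peer):
    """Return (msg_no, spi, proto) for each 'No SPI' record naming peer."""
    hits = []
    for rec in split_records(text):
        m = NO_SPI.search(rec)
        # The page does not say which side of the address pair is the sender,
        # so accept the peer in either position.
        if m and peer in (m["a"], m["b"]):
            msg_no = int(MSG_START.match(rec).group(1))
            hits.append((msg_no, m["spi"].lower(), int(m["proto"])))
    return hits

def spi_mismatches(local, remote):
    """Check the pairing rule on {'in': spi, 'out': spi} dicts from each host."""
    pairs = [("local in / remote out", local["in"], remote["out"]),
             ("local out / remote in", local["out"], remote["in"])]
    return [(name, a, b) for name, a, b in pairs if a.lower() != b.lower()]

if __name__ == "__main__":
    print(no_spi_events(SAMPLE_AUDIT, "10.1.1.1"))
    print(spi_mismatches({"in": "1a2b", "out": "5e6f"},
                         {"in": "5e6f", "out": "1a2c"}))
```

An empty list from spi_mismatches means both directions pair correctly; each tuple it returns names the direction whose SPI values differ.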
HP-UX IPSec Will Not Start (ipsec_admin -start Fails)
Problem
HP-UX IPSec will not start.