HP-UX IPSec version A.02.01 Administrator's Guide
Troubleshooting HP-UX IPSec
Troubleshooting Scenarios
Chapter 7 215
HP-UX IPSec Incorrectly Attempts to
Encrypt/Authenticate Packets
Problem
IPsec is attempting to encrypt or authenticate (apply a transform)
packets that should not be encrypted or authenticated.
Symptoms
Link errors (unable to connect or connection timeouts) on traffic that
should not be encrypted/authenticated.
Solution
Run the following commands:
ping, linkloop (check connectivity)
ipsec_policy or ipsec_report -cache and ipsec_report -host
(determine the policy being used)
Check the configuration file.
If HP-UX IPSec is misconfigured to encrypt and/or authenticate packets
that it should not and the peer system is not configured to use HP-UX
IPSec encryption/authentication, you will consistently get connection
errors (unable to connect or connection timed out).
Check connectivity to the remote system using /etc/ping and the
linkloop utilities.
Verify which IPsec policy is being used with the ipsec_policy command
and check the configuration file.
HP-UX IPSec Attempts to Encrypt/Authenticate and
Fails
Problem
IPsec attempts to encrypt/authenticate packets and fails.