HP-UX IPSec version A.02.01 Administrator's Guide
Product Specifications
Product Restrictions
Appendix A 7
messages being transmitted or received from a non-IPsec gateway or
router to be authenticated or encrypted, which will also cause ICMP
packets to be discarded.
IP uses ICMP messages to transmit error and control information, such
as in the following situations:
• IP may periodically send ICMP Echo messages to gateways to
determine if the gateway is up (“Gateway Probes”). If no response is
received, the gateway is marked “Dead” in the IP routing table.
This feature is controlled by the IP kernel parameter
ip_ire_gw_probe. By default, this feature is enabled on all HP-UX
systems. Refer to the ndd (1M) manpage for information on checking
or changing this parameter value.
• IP may use ICMP Echo messages with the “Don’t Fragment” flag and
ICMP Destination Unreachable messages with the “Fragmentation
Needed” flag to set the Path Maximum Transmission Unit (Path
MTU).
This feature is controlled by the IP kernel parameter
ip_pmtu_strategy. Refer to the ndd (1M) manpage for information
on checking or changing this parameter value.
• IP may send ICMP Redirect messages to redirect traffic to a different
gateway.
The transmission of ICMP Redirect messages is controlled by the IP
kernel parameter ip_send_redirects. By default, this feature is
enabled on all HP-UX systems. Refer to the ndd (1M) manpage for
information on checking or changing this parameter value.
• IP may send ICMP Source Quench messages to request the source
system to decrease its transmission rate.
The transmission of ICMP Source Quench messages is controlled by
the IP kernel parameter ip_send_source_quench. By default, this
feature is enabled on all HP-UX systems. Refer to the ndd (1M)
manpage for information on checking or changing this parameter
value.
IPv6 ICMP Messages
To ensure proper operation of IPv6 networks, HP-UX IPSec always
allows the following ICMPv6 messages to pass in clear text: