Manualshelf

HP-UX IPSec version A.02.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
251252253254255256257258259260
Interoperability
Cisco
Appendix B 247
Tips
The following tips may help you configure HP-UX IPSec and Cisco IPsec
implementations:
The Cisco configuration documentation and utilities use the term
ISAKMP (or isakmp) to refer to IKE components.
Under certain conditions, Cisco IOS IPsec negotiates two
unidirectional IKE SAs with a peer instead of one bidirectional IKE
SA. If this occurs with an HP-UX peer and you stop HP-UX IPSec,
HP-UX IPSec sends an IKE DELETE message to the Cisco device for
the IKE SA that HP-UX IPSec initiated. The Cisco device deletes this
IKE SA, but retains the second IKE SA. If you re-start HP-UX IPSec,
the Cisco device may attempt to use its existing IKE SA to negotiate
IPsec SAs with HP-UX IPSec. This causes a negotiation failure. As a
workaround, login to the Cisco device and manually delete any IKE
SAs to an HP-UX system that remain after you stop HP-UX IPSec.