HP-UX IPSec Version A.03.00 Administrator's Guide

7 Troubleshooting HP-UX IPSec

This chapter describes procedures for troubleshooting HP-UX IPSec software.

It contains the following sections:

• “Troubleshooting Utilities Overview” (page 142)

• “Troubleshooting Procedures” (page 145)

• “Reporting Problems” (page 151)

• “Troubleshooting Scenarios” (page 152). This section describes the following problems and

how to resolve them:

— “HP-UX IPSec Incorrectly Passes Packets” (page 152)

— “HP-UX IPSec Incorrectly Attempts to Encrypt/Authenticate Packets” (page 153)

— “HP-UX IPSec Attempts to Encrypt/Authenticate and Fails” (page 153)

— “IKEv1 SA Negotiation Fails or Times Out (phase1 negotiation failed)” (page 154)

— “IKEv2 SA Negotiation Fails or Times Out (retransmission count exceeded

the limit)” (page 156)

— “IPsec SA Negotiation Fails” (page 157)

— “IKE Primary Authentication Fails with Certificates” (page 158)

— “HP-UX Will Not Start (ipsec_admin -start Fails)” (page 159)

— “Corrupt or Missing HP-UX IPSec Configuration Database” (page 160)

— “Autoboot is Not Working Properly” (page 160)

— “Security Policy Database Limit Exceeded (Kernel Policy Cache Threshold

reached or Kernel Policy Cache Threshold exceeded ) ” (page 161)

The information in “HP-UX IPSec Operation” (page 169) can also help you understand and

troubleshoot HP-UX IPSec.

141