HP-UX IPSec Version A.03.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

151

152

153

154

155

156

157

158

159

160

Corrupt or Missing HP-UX IPSec Configuration Database

Problem

The HP-UX IPSec configuration database file (/var/adm/ipsec/config.db ) is corrupt or

missing.

Symptoms

The symptom vary according to when the problem is detected. HP-UX IPSec modules will log

error messages to the audit log file and user utilities will also display the error messages to

stdout.

If ipsec_admin detects the problem (for example, when the user is executing the ipsec_admin

-start command), ipsec_admin logs and displays one of the following messages:

IPSEC_ADMIN: ERROR-reads a DB config which is invalid

IPSEC_ADMIN: ERROR-Configuration database open failed: reason

If ipsec_config detects the problem, ipsec_config logs and displays a message similar to

one of the following messages:

“Internal Database error. Please contact HP!”

“DB Exception: /var/adm/ipsec/config.db, line n, Func name”

“DB Exception: /var/adm/ipsec/config.db, line n, Info 0xhhh”

If the policy daemon detects that configuration database is corrupted, the policy daemon logs

an error message similar to the following:

Msg: 413 From: SECPOLICYD Lvl: ERROR Date: Sun May 09 10:21:32 2004

Event: /var/adm/ipsec/config.db file is corrupt.

Solution

Re-create or restore the configuration database file (/var/adm/ipsec/config.db ) as described

“Re-Creating the Configuration Database” (page 139).

Autoboot is Not Working Properly

Problem

Autoboot fails.

Symptoms

HP-UX IPSec does not start automatically at system boot-up time.

Solution

Use the following procedure:

1. Set the HP-UX IPSec password using the ipsec_admin -newpasswd command if it is not

already set.

2. Use ipsec_config to configure HP-UX to start automatically at system boot-up time:

ipsec_config add startup -autoboot ON

3. Reboot the system.

If you still have problems after following the troubleshooting procedure, contact your HP

representative.

If HP-UX IPSec is not using the IPsec policy you expected, check for errors in the configuration

file, such is incorrect IP addresses. Check the order of the IPsec policies—HP-UX IPSec sequentially

searches the IPsec policies and selects the first policy with filter parameters that match the packet.

160 Troubleshooting HP-UX IPSec