HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

Symptoms..................................................................................................................132

Solution.....................................................................................................................133

IPsec SA Negotiation Fails................................................................................................133

Problem.....................................................................................................................133

Symptoms..................................................................................................................134

Solution.....................................................................................................................134

IKEv1 IPsec SA Error...............................................................................................134

IKEv2 IPsec SA Error...............................................................................................134

IKE Primary Authentication Fails with Certificates..................................................................135

Problem.....................................................................................................................135

Symptoms .................................................................................................................135

Solution.....................................................................................................................135

Details.......................................................................................................................135

HP-UX Will Not Start (ipsec_admin -start Fails).....................................................................136

Problem.....................................................................................................................136

Symptoms..................................................................................................................136

Solution.....................................................................................................................136

Corrupt or Missing HP-UX IPSec Configuration Database.......................................................136

Problem.....................................................................................................................136

Symptoms..................................................................................................................136

Solution.....................................................................................................................137

Autoboot is Not Working Properly.....................................................................................137

Problem.....................................................................................................................137

Symptoms..................................................................................................................137

Solution.....................................................................................................................137

Security Policy Database Limit Exceeded (Kernel Policy Cache Threshold reached or Kernel Policy

Cache Threshold exceeded ) ............................................................................................137

Problem.....................................................................................................................137

Symptoms..................................................................................................................137

Solution.....................................................................................................................138

ipsec_report –sa display of the phase2 associations will not reflect the key length of AES

transform combination.................................................................................................138

Problem.....................................................................................................................138

Symptom....................................................................................................................138

Solution.....................................................................................................................138

A Product Specifications.............................................................................140

Product Files and Directories...................................................................................................140

IPsec RFCs...........................................................................................................................141

RFC 3775 IKE Identity Payload Requirement........................................................................142

RFC 3776 Mandatory Support...........................................................................................142

Product Restrictions...............................................................................................................143

IKE Limitations.................................................................................................................143

HP-UX IPSec Transforms.........................................................................................................143

Comparative Key Lengths..................................................................................................143

Authentication Algorithms.................................................................................................144

Encryption Algorithms.......................................................................................................144

ESP-3DES-HMAC-MD5.................................................................................................144

ESP-3DES-HMAC-SHA1................................................................................................144

ESP-AES128-HMAC-MD5..............................................................................................144

ESP-AES128-HMAC-SHA1............................................................................................144

ESP-NULL-HMAC-MD5.................................................................................................144

ESP-NULL-HMAC-SHA1................................................................................................145

ESP_AES128_HMAC_SHA2_256..................................................................................145

ESP_AES128_HMAC_SHA2_384..................................................................................145

10 Contents