HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
Msg: 413 From: SECPOLICYD Lvl: ERROR Date: Sun May 09 10:21:32 2004
Event: /var/adm/ipsec/config.db file is corrupt.
Solution
Re-create or restore the configuration database file (/var/adm/ipsec/config.db) as described in “Re-Creating the Configuration Database” (page 117).
Autoboot is Not Working Properly
Problem
Autoboot fails.
Symptoms
HP-UX IPSec does not start automatically at system boot-up time.
Solution
Use the following procedure:
1. Set the HP-UX IPSec password using the ipsec_admin -newpasswd command if it is not already set.
2. Use ipsec_config to configure HP-UX IPSec to start automatically at system boot-up time:
   ipsec_config add startup -autoboot ON
3. Reboot the system.
If you still have problems after following the troubleshooting procedure, contact your HP
representative.
If HP-UX IPSec is not using the IPsec policy you expected, check for errors in the configuration file,
such as incorrect IP addresses. Check the order of the IPsec policies: HP-UX IPSec sequentially
searches the IPsec policies and selects the first policy with filter parameters that match the packet.
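The following added example (not from the HP guide and not HP-UX IPSec code) models the first-match search described above and reports policies that can never be selected because an earlier, broader filter covers them. The Policy layout, policy names, action labels and addresses are constructed for illustration and are not ipsec_config syntax.

```python
# Added illustration: models first-match policy selection. Policy names, field
# layout, actions and addresses are constructed; this is not ipsec_config syntax.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

ANY = None  # wildcard for protocol or port

class Policy(NamedTuple):
    name: str
    src: str                 # source network, CIDR
    dst: str                 # destination network, CIDR
    proto: Optional[str]
    sport: Optional[int]
    dport: Optional[int]
    action: str              # constructed label, e.g. "ESP" or "PASS"

def matches(p, pkt):
    """pkt is a five-tuple: (src_ip, dst_ip, proto, sport, dport)."""
    src, dst, proto, sport, dport = pkt
    return (ip_address(src) in ip_network(p.src)
            and ip_address(dst) in ip_network(p.dst)
            and p.proto in (ANY, proto)
            and p.sport in (ANY, sport)
            and p.dport in (ANY, dport))

def select(policies, pkt):
    """Return the first policy, in list order, whose filter matches pkt."""
    return next((p for p in policies if matches(p, pkt)), None)

def covers(a, b):
    """True if every packet matching b's filter also matches a's filter."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in (ANY, b.proto)
            and a.sport in (ANY, b.sport)
            and a.dport in (ANY, b.dport))

def shadowed(policies):
    """List (earlier, later) name pairs where the later policy is fully covered."""
    return [(a.name, b.name)
            for i, b in enumerate(policies)
            for a in policies[:i] if covers(a, b)]

# Constructed sample: the broad PASS rule is listed before the specific ESP rule.
POLICIES = [
    Policy("lan_pass", "10.0.0.0/8", "10.0.0.0/8", ANY, ANY, ANY, "PASS"),
    Policy("telnet_esp", "10.1.1.0/24", "10.2.2.5/32", "tcp", ANY, 23, "ESP"),
]
```

With this ordering, a telnet packet from 10.1.1.7 to 10.2.2.5 selects lan_pass and is never matched against telnet_esp; listing the specific policy first restores the intended result. The check only detects a policy covered by a single earlier policy, not one covered by a combination of several.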
Security Policy Database Limit Exceeded (Kernel Policy Cache Threshold reached or Kernel Policy Cache Threshold exceeded)
Problem
The Security Policy Database (SPD) is near or exceeding the soft or hard size limit.
Symptoms
The SPD is the HP-UX IPSec runtime policy database, with cached policy decisions for packet
descriptors (five-tuples consisting of exact, non-wildcard source IP address, destination IP address,
protocol, source port, and destination port).
When the size of the SPD exceeds the soft limit, HP-UX IPSec logs an alert message to the system
console and the audit file, and logs an additional alert message for each 1000 SPD entries added.
You will see log messages similar to the following:
Msg: 20 From: SECPOLICYD Lvl: ALERT Date: Tue Apr 20 11:30:39 2004
Event: Kernel Policy Cache Threshold reached nnnn records.
where nnnn is the soft limit.
When the hard limit is exceeded, HP-UX IPSec stops adding new entries to the SPD and stops
transmitting and receiving packets that do not match existing entries in the SPD. You will see log
messages similar to the following: