HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

Troubleshooting Manual Key Problems.....................................................................................192

Symptoms.......................................................................................................................192

Solutions.........................................................................................................................192

SADB_ADD for SPI 0xnnnn returns EEXIST ....................................................................192

Invalid SADB_ADD ..........................................................................................................192

STREAMS Logging Messages and Additional Audit File Entries..............................................192

Examining STREAMS Logging Records...........................................................................193

Examining Additional Audit Entries................................................................................193

G HP-UX IPSec and Serviceguard................................................................194

Introduction..........................................................................................................................194

Using HP-UX IPSec with Serviceguard.................................................................................195

Client Failover Detection...............................................................................................195

Configuration Overview.........................................................................................................196

Requirements...................................................................................................................196

Serviceguard Heartbeat Requirement and Recommendation..................................................196

Configuration Steps..........................................................................................................196

Step 1: Configuring HP-UX Host IPsec Policies for Serviceguard...................................................197

Overview........................................................................................................................197

Determining Serviceguard Cluster Information......................................................................198

Configuring Host IPsec Policies for Package Addresses..........................................................198

Configuring PASS Host IPsec Policies for Intracluster Messages...............................................198

Private Dedicated Heartbeat Networks...........................................................................199

Configuring Host IPsec Policies for External Access...............................................................199

Serviceguard Quorum Server........................................................................................199

Cluster Node IPsec Policies for Quorum Server...........................................................199

Quorum Server IPsec Policies....................................................................................200

Remote Command Execution.........................................................................................200

Cluster Node IPsec Policies for Remote Command Execution.........................................200

Remote Command Client Host IPsec Policies...............................................................200

Serviceguard Manager Plug-in Version...........................................................................201

Cluster Node Host IPsec Policies for Serviceguard Manager Plug-in Version....................201

SMH Management Station Host IPsec Policies.............................................................201

Serviceguard Manager Standalone Version....................................................................202

Cluster Node Host IPsec Policies for Serviceguard Manager Standalone Version.............202

Standalone Serviceguard Manager Host IPsec Policies.................................................202

WBEM Access............................................................................................................202

Cluster Node Host IPsec Policies for Secure WBEM Access...........................................203

Cluster Node Host IPsec Policies for Non-Secure WBEM Access....................................203

Secure WBEM Client Host IPsec Policies....................................................................203

Non-Secure WBEM Client Host IPsec Policies..............................................................203

Cluster Object Manager (COM)....................................................................................203

Cluster Node Host IPsec Policies for COM..................................................................203

COM System Host IPsec Policies...............................................................................204

Consolidated Log (clog)...............................................................................................204

Cluster Node Host IPsec Policies for Consolidated Log.................................................204

SMH Management Station Host IPsec Policies.............................................................204

Summary: Serviceguard Port Numbers and Protocols............................................................204

Step 2: Configuring HP-UX IPSec IKE policies............................................................................206

Cluster IKE policies...........................................................................................................206

Cluster Client IKE policies..................................................................................................206

Step 3: Configuring Authentication Records for Preshared Keys...................................................206

Preshared Key Configuration on Cluster Nodes....................................................................206

Preshared Key Configuration on Client Nodes.....................................................................206

Example.........................................................................................................................206

14 Contents