HP-UX IPSec A.01.07.02 Release Notes HP-UX 11i version 1 Documentation Web Site: http://www.docs.hp.com Manufacturing Part Number : J4256-90018 October 2005 U.S.A. © Copyright 2005 Hewlett-Packard Development Company L.P.
Legal Notices The information in this document is subject to change without notice. Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. U.S. Government License Confidential computer software.
HP-UX IPSec Release Notes Announcement 1 HP-UX IPSec Release Notes Announcement HP-UX IPSec provides transparent encryption for IP-based applications. It also enhances the privacy of Internet communications. HP-UX IPSec supports PKI-based authentication, rule-based access control, and the Internet Key Exchange (IKE) protocol.
HP-UX IPSec Release Notes What’s in This Version What’s in This Version The HP-UX IPSec Version A.01.07.02 product (J4256AA) is supported on HP-UX 11i version 1 (B.11.11) systems. This version of HP-UX IPSec includes the defect fixes listed in “Patches and Fixes in This Version” on page 10. The J4255AA product is obsolete. Use the HP-UX IPSec J4256AA product as it is a superset of J4255AA. J4256AA is available for export worldwide except to countries under U.S. and/or U.N.
HP-UX IPSec Release Notes Compatibility Information and Installation Requirements Compatibility Information and Installation Requirements OS Platform and Version Compatibility HP-UX 11i version 1 (B.11.11). Software Requirements You can obtain HP-UX IPSec version A.01.07.02 from the HP Software Depot at http://www.hp.com/go/softwaredepot Patch Requirement The system must have standard HP-UX 11i version 1 core products and the following patch: • PHNE_33159 (Cumulative ARPA Transport Patch).
HP-UX IPSec Release Notes Known Problems and Workarounds Known Problems and Workarounds • HP-UX IPSec A.01.07.02 does not support Entrust security certificates. As a workaround, you can use preshared keys, Baltimore UniCert certificates, or VeriSign certificates for IKE (primary) authentication. You can also use HP-UX IPSec with OpenSSL certificates. Refer to Using OpenSSL Certificates with HP-UX IPSec A.01.07 and HP-UX IPSec A.02.00.
HP-UX IPSec Release Notes Pre-Installation Migration Instructions Pre-Installation Migration Instructions Before installing HP-UX IPSec version A.01.07.02, verify that your installation meets the following conditions: • MD5 version compatibility: If you are using MD5 transforms, all HP-UX IPSec systems must be version A.01.04 or higher. For more information, refer to “MD5 Version Compatibility” on page 7. • Migrating from HP-UX IPSec versions prior to A.01.03 (such as A.01.01 or A.01.
HP-UX IPSec Release Notes Pre-Installation Migration Instructions By default, HP-UX IPSec log files are located in the /var/adm/ipsec directory. The log file name format is auditdate_information.log. Migrating from Versions Prior to A.01.03 If you are updating to HP-UX IPSec version A.01.07.02 from a version released prior to A.01.03 (such as version A.01.01 or A.01.02) and want to re-use your configuration files, you must use the following procedure to first update to HP-UX IPSec version A.01.
HP-UX IPSec Release Notes Common Mistakes or Gotchas Common Mistakes or Gotchas • The local and remote node must have a common transform configured (at least one transform must match). • IPSec uses IP protocol numbers 50 and 51. IKE uses UDP port 500.
HP-UX IPSec Release Notes Patches and Fixes in This Version Patches and Fixes in This Version The fixes for the following Service Requests (SRs) are included in the A.01.07.02 release: SR Number Description 8606-400090 (JAGaf60046) Problem in anti-replay implementation. 8606-389338 (JAGaf49486) System panic (TOC initiated by Serviceguard) because of network problems. 8606-403163 (JAGaf63097) Problem with ESP in tunnel mode. 8606-411881 (JAGaf71746) Problem handling the IKE SPI.
HP-UX IPSec Release Notes List of Documents Available with HP-UX IPSec List of Documents Available with HP-UX IPSec Document titles for HP-UX IPSec version A.01.07.02 are listed below. All documents are available from the HP Technical Documentation Web Site at http:/docs.hp.com/hpux/internet/index.html#HP-UX%20IPSec. • HP-UX IPSec version A.01.07 Administrator’s Guide (J4256-900005) • HP-UX IPSec version A.01.07.