HP-UX IPSec A.01.07.02 Release Notes

Known Problems and Workarounds
• HP-UX IPSec A.01.07.02 does not support Entrust security certificates. As a workaround,
you can use preshared keys, Baltimore UniCert certificates, or VeriSign certificates for
IKE (primary) authentication. You can also use HP-UX IPSec with OpenSSL certificates.
Refer to Using OpenSSL Certificates with HP-UX IPSec A.01.07 and HP-UX IPSec
A.02.00. This document is available from the HP Technical Documentation Web Site at
http://docs.hp.com/hpux/internet/index.html#HP-UX%20IPSec
• The ipsec_mgr GUI will not be displayed correctly if the fonts for your X-display are
incorrectly set. To fix this problem, run the following command on your local system:
xset +fp /usr/lib/X11/fonts/iso_8859.1/75dpi/
• Some of the ipsec_mgr screens will not be properly displayed (text and subfields will not
appear) if there are insufficient color resources available in your display environment. If
this occurs, terminate other applications that are using color resources, then exit and
restart ipsec_mgr.
• On rare occasions, the ipsec_mgr GUI will hang even though a request was completed
successfully during VeriSign certificate operations. This is a known problem that results
from network congestion. If this problem occurs, kill the ipsec_mgr process with the
command kill -SIGQUIT pid. Killing the process will not corrupt your VeriSign
certificate data or affect certificate processing.
• If you are using DNS, NIS or NIS+ to resolve hostnames to IP addresses and you have an
IPSec policy that discards, encrypts or authenticates packets to the DNS, NIS or NIS+
server, you must make sure that the hostname resolution services are configured as
follows:
— The /etc/nsswitch.conf file must specify files as the first database for resolving
hostnames. You can then specify other sources (such as DNS) as backup databases, as
shown in the example below:
hosts: files [NOTFOUND=continue] dns
— The /etc/hosts file must contain an entry for the local hostname mapped to its IP
address, and an entry for localhost and loopback mapped to the IP address 127.0.0.1, as
shown in the example below:
192.6.1.1 myhost
127.0.0.1 localhost loopback
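
The two name-resolution requirements above can be checked with a short script before an IPSec policy covering the DNS, NIS or NIS+ server is activated. This is an added example, not part of the HP release notes or HP-supplied code; the function names are hypothetical and the sample files it builds are constructed from the example lines shown above.

```sh
#!/bin/sh
# Added example, not HP-supplied code. Function names are illustrative.

# Succeeds if "files" is the first source on the hosts: line.
check_nsswitch() {
    awk '{ sub(/#.*/, "") }
         /^[ \t]*hosts[ \t]*:/ {
             sub(/^[ \t]*hosts[ \t]*:[ \t]*/, "")
             found = 1; ok = ($1 == "files"); exit
         }
         END { exit !(found && ok) }' "$1"
}

# Succeeds if the hosts file has an entry for the host name in $2 and maps
# both localhost and loopback to 127.0.0.1.
check_hosts() {
    awk -v host="$2" '
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++) {
                if ($i == host) have_host = 1
                if ($1 == "127.0.0.1" && $i == "localhost") have_lo = 1
                if ($1 == "127.0.0.1" && $i == "loopback") have_lb = 1
            }
        }
        END { exit !(have_host && have_lo && have_lb) }' "$1"
}

# Runs both checks, reports each failure, returns non-zero if any failed.
check_ipsec_resolution() {
    rc=0
    check_nsswitch "$1" || { echo "FAIL: $1: files is not the first hosts source"; rc=1; }
    check_hosts "$2" "$3" || { echo "FAIL: $2: no entry for $3, localhost or loopback"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: hosts are resolved from local files first"
    return "$rc"
}

# Constructed sample input, copied from the example lines in the notes.
demo() {
    d=${TMPDIR:-/tmp}/ipsec_check.$$
    mkdir "$d" || return 1
    printf 'hosts: files [NOTFOUND=continue] dns\n' > "$d/nsswitch.conf"
    printf '192.6.1.1 myhost\n127.0.0.1 localhost loopback\n' > "$d/hosts"
    status=0; check_ipsec_resolution "$d/nsswitch.conf" "$d/hosts" myhost || status=1
    rm -rf "$d"
    return "$status"
}

# Live system: pass /etc/nsswitch.conf /etc/hosts "$(hostname)" as arguments.
if [ "$#" -eq 3 ]; then check_ipsec_resolution "$@"; else demo; fi
```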