HP-UX IPSec A.03.02.02 Release Notes HP-UX 11i version 3 (766158-001, April 2014)

4 Known problems and limitations
This section provides a list of known problems and limitations as known to HP at the time of
publication. If workarounds are available, they are described.
The following error messages appear in /var/adm/syslog/syslog.log
when ipsec_admin flushsa is performed:
"secauditd[10406]: IPSEC : Level : 2 Event : error at the kernel on DELETE, No such process, Date : Fri Nov 16 11:58:43 2012
secauditd[10406]: IPSEC : Level : 2 Event : local ? - remote ? sadb_poll: unknown error , Date : Fri Nov 16 11:58:43 2012"
These syslog messages may generate extra noise, but only when the administrator
executes ipsec_admin flushsa explicitly.
The ipsec_report -sa display of phase 2 associations does not reflect the key length of the AES
transform combination. For example, when ESP_AES256_HMAC_SHA1 is used, ipsec_report
-sa displays the following:
------------------------ IPSec SA ------------------------
Sequence number: 1
SPI (hex): 6F128 State: MATURE
SA Type: ESP with AES-CBC encryption and HMAC-SHA1 authentication
Src IP Addr: 192.168.2.1 Dst IP Addr: 192.168.2.2
--- Current Lifetimes ---
bytes processed: 288
addtime (seconds): 6
usetime (seconds): 6
--- Hard Lifetimes ---
bytes processed: 0
addtime (seconds): 28800
usetime (seconds): 0
--- Soft Lifetimes ---
bytes processed: 0
addtime (seconds): 23591
usetime (seconds): 0
Workaround:
For example:
$ ipsec_policy -sa 192.168.2.1 -da 192.168.2.2 -dir out
------------------- Active Host Policy Rule ---------------------
Rule Name: longevity_3 Priority: 7 Cookie: 7
Src IP Addr: 192.168.2.1
Dst IP Addr: 192.168.2.2
Network Protocol: All Action: Dynamic key SA
Proposal 1: Transform: ESP-AES256-HMAC-SHA2-512
Lifetime Seconds: 28800
Lifetime Kbytes: 0
--------------------- Auth Record ---------------------
Name: test_all
Initiate KMP: IKEv1 with Main-mode
Local Auth Method: PSK
Remote Auth Method: PSK
--------------------- IKEv1 Policy -------------------
Name: default
Lifetime: 28800 seconds
ENCR: 3DES
HASH: MD5
DH Group: 24
PFS: On
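
Added example, not part of the HP release notes: a POSIX shell function that reads ipsec_policy output and prints each proposal's transform with its AES key length, the detail that ipsec_report -sa omits. The names aes_keylen and sample_policy_output are hypothetical; the sample input is the rule portion of the output shown above.

```shell
#!/bin/sh
# Added example, not HP code. Function and helper names are hypothetical.

# aes_keylen: read `ipsec_policy` output on stdin and print one line per
# proposal: "<src> <dst> <transform> <AES key bits>". The last field is "-"
# when the transform name carries no AES key length.
aes_keylen() {
    awk '
    {
        for (i = 1; i < NF; i++) {
            # Address labels are three words followed by the value.
            if ($i == "Src" && $(i+1) == "IP" && $(i+2) == "Addr:") src = $(i+3)
            if ($i == "Dst" && $(i+1) == "IP" && $(i+2) == "Addr:") dst = $(i+3)
            if ($i == "Transform:") {
                t = $(i+1); bits = "-"
                # The key length is the digit run directly after "AES".
                if (match(t, /AES[0-9]+/)) bits = substr(t, RSTART + 3, RLENGTH - 3)
                print src, dst, t, bits
            }
        }
    }'
}

# Sample input: the rule portion of the ipsec_policy output shown above.
sample_policy_output() {
    cat <<'EOF'
------------------- Active Host Policy Rule ---------------------
Rule Name: longevity_3 Priority: 7 Cookie: 7
Src IP Addr: 192.168.2.1
Dst IP Addr: 192.168.2.2
Network Protocol: All Action: Dynamic key SA
Proposal 1: Transform: ESP-AES256-HMAC-SHA2-512
Lifetime Seconds: 28800
Lifetime Kbytes: 0
EOF
}

# On the host: ipsec_policy -sa 192.168.2.1 -da 192.168.2.2 -dir out | aes_keylen
sample_policy_output | aes_keylen
```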