Manualshelf

HP-UX IPSec A.03.02.02 Release Notes HP-UX 11i version 3 (766158-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
16171819202122232425
6 Migrating to HP-UX IPSec A.03.0x
The following sections contain information for migrating from HP-UX IPSec version A.02.01 to
A.03.0x.
NOTE: If you are using a version of HP-UX IPSec prior to A.02.01, you must upgrade to HP-UX
IPSec A.02.01 or A.02.01.01 first, then migrate to HP-UX IPSec A.03.0x. For information on
migrating from previous versions to A.02.01 or A.02.01.01, see HP-UX IPSec A.02.01
Administrator's Guide (J4256-90015).
Postinstallation migration instructions
The following sections describe migration procedures to perform after you have installed HP-UX
IPSec A.03.0x.
Profile file
The default location for the HP-UX IPSec profile file is /var/adm/ipsec/.ipsec_profile. If
this file exists when you install HP-UX IPSec A.03.0x, the installation script installs the A.03.0x
profile file under the file name /var/adm/ipsec/.ipsec_profile.blank. When you run
the ipsec_migrate utility, ipsec_migrate saves the existing /var/adm/ipsec/
.ipsec_profile file in the /var/adm/ipsec/backup directory before moving the /var/
adm/ipsec/.ipsec_profile.blank file to /var/adm/ipsec/.ipsec_profile.
If you use customized settings in your profile file, edit the /var/adm/ipsec/
.ipsec_profile.blank file with your customized settings before running ipsec_migrate.
Configuration database
To migrate an HP-UX IPSec A.02.01 policy configuration database, use the following procedure.
1. Run the ipsec_migrate utility after you have installed HP-UX IPSec A.03.0x. For example:
/usr/sbin/ipsec_migrate
If the /var/adm/ipsec/ipsec.key file is present, ipsec_migrate prompts for the HP-UX
IPSec password before decrypting this file and extracting the contents.
The ipsec_migrate utility creates backup copies of the following files and saves them in
the files under the /var/adm/ipsec/backup directory:
/var/adm/ipsec/.ipsec_profile
/var/adm/ipsec/cainfo.txt
/var/adm/ipsec/config.db
/var/adm/ipsec/ipsec.cert (if present)
/var/adm/ipsec/ipsec.key (if present)
The ipsec_migrate utility appends a timestamp to the names of the backup files. The
timestamp is in the format dd-mm-yy-hh-mn-ss , where:
dd is the day
mm is the month
yy are the last two digits of the year
hh is the hour
mn is the number of minutes
ss is the number of seconds
For more information, refer to the ipsec_migrate(1M) man page.
2. Examine the contents of the configuration database using the following command:
ipsec_config show all
Postinstallation migration instructions 21