The e-fix in this directory is for APAR IY25057, which will be
orderable by 12/31/2001 from the AIX Electronic Fix Distribution
Service at the following URL:

  http://techsupport.services.ibm.com/server/aix.elecptforder


The problem fixed in this e-fix:
--------------------------------
AIX IKE could fail in negotiation with some other vendors's
implementation when AIX receive RESPONDER-LIFETIME notify 
payload.
The error message in log is:
"inet_OAKLEY_quickmode::check_rcvd_msg():SPI in notify
payload does not match our P2 SA failed."


Solution:
---------
When processing received notify payload, check the validation
of SPI value after SA payload is processed; when sending 
notify payload, put the own inbound SPI value in payload.


Applicable system level:
------------------------
AIX 5.1 with the bos.net.ipsec.keymgt fileset at the 5.1.0.10
level (PTF U476337).


Extracting the files:
---------------------
Download IY25057.tar.Z in binary format.

Use the following command to extract the files from IY25057.tar.Z
into a temporary directory.

  compress -cd IY25057.tar.Z | tar -xvf-


How to apply this e-fix:
------------------------
1) Stop the AIX IP security
2) Backup original isakmpd daemon
   cp -p /usr/sbin/isakmpd /usr/sbin/isakmpd.orig
3) Copy this new isakmpd to /usr/sbin
   cp isakmpd /usr/sbin
4) Restart AIX IP security