Workaround for Solaris 10 IPF/Cisco VPN Issues

Installing the Cisco VPN client on a Solaris 10 system with ipfilter enabled breaks your ipfilter installation. The symptom to look for is a message from SMF at reboot telling you that the ipfilter service has transitioned to a maintenance state. Loading the cipsec module onto the network interface interferes with SMF's invocation of autopush on the file /etc/ipf/pfil.ap.

Since the Cisco installer adds a line to /etc/iu.ap for each type of interface on the system, the workaround is to append pfil to the modlist for each interface added to iu.ap so the pfil module is loaded after the cipsec module, e.g.:

# tail -2 /etc/iu.ap

bge        -1        0        cipsec pfil
qfe        -1        0        cipsec pfil
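
The same edit as a script, added here as an example and not part of the original post: it finds iu.ap entries that list cipsec without pfil and prints the file with pfil appended to them. The function names and the sample file are constructed for illustration, and a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.
# /etc/iu.ap entry layout: <driver> <minor> <lastminor> <module list...>
AWK=${AWK:-awk}   # assumption: a POSIX awk; on Solaris 10 use AWK=nawk

# Shared awk logic: sets need=1 for an entry that lists cipsec but not pfil.
SCAN='
  { need = 0 }
  !/^[ \t]*#/ && NF >= 4 {
      c = 0; p = 0
      for (i = 4; i <= NF; i++) {
          if ($i == "cipsec") c = 1
          if ($i == "pfil")   p = 1
      }
      need = (c && !p)
  }'

# Print the file with " pfil" appended to each entry that needs it.
# Comments, blank lines and all other entries pass through unchanged.
add_pfil_after_cipsec() {
    "$AWK" "$SCAN"' { if (need) print $0 " pfil"; else print }' "$1"
}

# Print how many entries still list cipsec without pfil.
count_missing_pfil() {
    "$AWK" "$SCAN"' need { n++ } END { print n + 0 }' "$1"
}

# Constructed sample (not a real system file): one unfixed entry, one fixed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# driver  minor  lastminor  modules
asy       -1     0          ldterm ttcompat
bge       -1     0          cipsec
qfe       -1     0          cipsec pfil
EOF
echo "entries missing pfil: $(count_missing_pfil "$sample")"
add_pfil_after_cipsec "$sample"
rm -f "$sample"
```

Write the output to a new file and compare it with /etc/iu.ap before replacing the original.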
