HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
For example:
----------------- Configured Host Policy Rule -------------------
Rule Name: SRP-web2-base-1 ID: 7 Priority: 30
Src IP Addr: 192.0.2.1 Prefix: 32 Port number: 0
Dst IP Addr: 10.2.2.2 Prefix: 32 Port number: 0
Network Protocol: All Action: Dynamic key SA
Number of SA(s) Needed: 1 Pair(s)
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
• Use the following ipsec_report command to view the IKE rules:
ipsec_report -ike
The output should include an IKE policy with the name SRP-compartment_name-base-1.
For example:
---------------------------- IKE Rule -----------------------------
Rule Name: SRP-web2-base-1 Priority: 30 Cookie: 6
Remote IP Address: 10.2.2.2 Prefix: 32
Group Type: 2 Authentication Method: Pre-shared Keys
Authentication Algorithm: HMAC-MD5 Encryption Algorithm: 3DES-CBC
Number of Quick Modes: 100 Lifetime (seconds): 28800
Action: Secure
• Use the following ipsec_config command to view the authentication records:
ipsec_config show auth
The output should include an authentication record with the name SRP-compartment_name-base-1.
For example:
auth SRP-web2-base-1
-remote 10.2.2.2/32
-preshared myPresharedKey
-exchange MM
• You can also use the ipsec_policy utility to verify the IPSec host rule selected for a packet
from the peer address. In the following example, the SRP compartment address is 192.0.2.1
and the peer address is 10.2.2.2. The ipsec_policy command queries IPSec to determine
which IPSec and IKE policies are selected for an outbound packet (-dir out) with source
IP address (-sa) 192.0.2.1 and destination IP address (-da) 10.2.2.2.
# ipsec_policy -sa 192.0.2.1 -da 10.2.2.2 -dir out
------------------- Active Host Policy Rule ---------------------
Rule Name: SRP-web2-base-1 ID: 8 Cookie: 3 Priority: 30
Src IP Addr: 192.0.2.1 Prefix: 32 Port number: 0
Dst IP Addr: 10.2.2.2 Prefix: 32 Port number: 0
Network Protocol: All Direction: outbound
Action: Dynamic key SA State: SPI(s) Not Established
Number of SA(s) Needed: 1 Pair(s)
Number of SA(s) Created: 0 Pair(s)
Kernel Requests Queued: 0
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
---------------------------- IKE Rule -----------------------------
Rule Name: SRP-web2-base-1 Priority: 20 Cookie: 4
Remote IP Address: 10.2.2.2 Prefix: 32
Group Type: 2 Authentication Method: Pre-shared Keys
Authentication Algorithm: HMAC-MD5 Encryption Algorithm: 3DES-CBC
Number of Quick Modes: 100 Lifetime (seconds): 28800
Action: Secure