HP-UX IPSec version A.02.00 Administrator's Guide

Configuring HP-UX IPSec
Step 8: Committing the Batch File Configuration and Verifying Operation
After doing so, enter the following commands:
ipsec_report -host
ipsec_report -sad
Or, run:
ipsec_report -all
From the output of ipsec_report, you can verify the status of the
outbound IPSec SA for the packets using the IPSec policy you are
verifying.
Check the active host IPSec policies (ipsec_report -host output)
for entries that correspond to the IPSec policy you are verifying.
There will be multiple entries for each host IPSec policy. Find an
outbound entry with SA information, including inbound and
outbound SPIs:
----------------- Active IPSec Policy -----------
Rule Name: telnet_in ID: 3 Cookie: 4 Priority: 10
Src IP Addr: 15.1.1.1 Prefix: 32 Port number:23
Dst IP Addr: 15.2.2.2 Prefix: 32 Port number: *
Network Protocol: * Direction: outbound
Action: Dynamic key SA State: Ready
Number of SA(s) Needed: 1 Pair(s)
Number of SA(s) Created: 1 Pairs(s)
Kernel Requests Queued: 0
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
-- SA Pair Number 1 --
SA Type: ESP
Encryption Algorithm: AES128-CBC
Authentication Algorithm: HMAC-SHA1
Outbound SPI (hex): BE882
Inbound SPI (hex:) 13BDB7
You can also check the SA database output (ipsec_report -sad
output) for the SAs with the corresponding SPIs:
------------- IPSec SA ----------------
Sequence number: 1
SPI (hex): BE882 State: MATURE
SA Type: ESP with AES128-CBC encryption and HMAC-SHA1
authentication
Src IP Addr: 15.1.1.1 Dst IP Addr: 15.2.2.2
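
The cross-check described above can be scripted. The following is an added example, not part of the HP guide: it assumes the ipsec_report field layout matches the excerpts in this section, and the function names (outbound_spis, sad_state, verify_policy) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the HP guide. Field layout is assumed to match
# the ipsec_report excerpts shown in this section.

# outbound_spis RULE HOST_TEXT: outbound SPIs of the outbound entries for RULE
outbound_spis() {
    printf '%s\n' "$2" | awk -v rule="$1" '
        /Active IPSec Policy/ { name = ""; dir = "" }   # new policy entry
        /^Rule Name:/   { name = $3 }
        /Direction:/    { for (i = 1; i < NF; i++) if ($i == "Direction:") dir = $(i + 1) }
        /^Outbound SPI/ { if ((name "") == (rule "") && dir == "outbound") print $NF }'
}

# sad_state SPI SAD_TEXT: State field of the SA whose SPI matches.
# The "" concatenation forces a string compare, so a hex SPI such as 1E5
# is never treated as a number by awk.
sad_state() {
    printf '%s\n' "$2" | awk -v spi="$1" '
        /^SPI \(hex\):/ && ($3 "") == (spi "") {
            for (i = 1; i < NF; i++) if ($i == "State:") print $(i + 1) }'
}

# verify_policy RULE HOST_TEXT SAD_TEXT: 0 only if every outbound SPI is MATURE
verify_policy() {
    spis=$(outbound_spis "$1" "$2")
    [ -n "$spis" ] || { echo "$1: no outbound entry with SA information"; return 1; }
    for spi in $spis; do
        state=$(sad_state "$spi" "$3")
        [ "$state" = "MATURE" ] || { echo "$1: SPI $spi state: ${state:-not in SAD}"; return 1; }
        echo "$1: outbound SPI $spi is MATURE"
    done
}

# Sample text abridged from the excerpts in this section
SAMPLE_HOST='----------------- Active IPSec Policy -----------
Rule Name: telnet_in ID: 3 Cookie: 4 Priority: 10
Network Protocol: * Direction: outbound
Action: Dynamic key SA State: Ready
Outbound SPI (hex): BE882
Inbound SPI (hex:) 13BDB7'
SAMPLE_SAD='------------- IPSec SA ----------------
Sequence number: 1
SPI (hex): BE882 State: MATURE'

verify_policy telnet_in "$SAMPLE_HOST" "$SAMPLE_SAD"
```

On a live system, pass "$(ipsec_report -host)" and "$(ipsec_report -sad)" as the second and third arguments in place of the sample text.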