HP-UX IPSec version A.02.00 Administrator's Guide
Troubleshooting HP-UX IPSec
IPSec Operation
Internal Processing
This section provides a high-level description of how HP-UX IPSec
processes packets. This information is useful for further troubleshooting
of HP-UX IPSec and for analyzing the data reported by the HP-UX IPSec
troubleshooting tools.
Figure 5-2 Outbound Processing
Outbound Data
1. Query the Kernel Policy Engine
HP-UX IPSec first checks the kernel policy engine cache for an
existing decision on the action to take (secure, drop, or pass in clear
text) for the packet, based on the IP addresses, protocol, and port
numbers. If the action is secure (use an Authentication Header, AH,
or an Encapsulating Security Payload, ESP), there may be a
reference to an existing IPSec/QM SA that can be used.
2. Query the Policy Manager Daemon
If no match is found in the policy engine cache, the Policy Manager
daemon is queried for the policy and action (secure, drop, or pass in
clear text) to take.
[Figure 5-2 diagram: the IKE Daemon (ikmpd) with its ISAKMP SA DB, the Policy Manager Daemon (secpolicyd) with its Policy DB, and the Kernel containing the Policy Engine with its Policy Engine Cache and the SA Engine with the IPSec SA DB; the outbound processing steps are numbered 1 through 5.]
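The two-stage outbound decision in steps 1 and 2 (kernel policy engine cache first, Policy Manager daemon on a miss), as an added model in Python; this is illustrative code, not HP-UX IPSec's implementation. It assumes an ordered, first-match policy DB with a trailing catch-all, and the policy names, networks and SA id are constructed sample values.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
# Selectors the kernel policy engine keys its cache on (constructed model).
Flow = namedtuple("Flow", "src dst proto sport dport")

@dataclass
class Policy:
    """One policy DB entry: selectors plus the action (secure, drop, pass)."""
    name: str
    dst_net: str
    proto: str                    # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]          # None matches any destination port
    action: str                   # "secure", "drop" or "pass"
    sa_id: Optional[str] = None   # already-negotiated IPSec/QM SA to reuse (hypothetical id)

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.dst) in ip_network(self.dst_net)
                and self.proto in ("any", f.proto)
                and self.dport in (None, f.dport))

class PolicyManager:
    """Stand-in for the Policy Manager daemon: ordered DB, first match wins (assumed)."""
    def __init__(self, policies):
        self.policies = policies
        self.queries = 0          # how many cache misses reached the daemon

    def lookup(self, f: Flow) -> Policy:
        self.queries += 1
        return next(p for p in self.policies if p.matches(f))

class KernelPolicyEngine:
    """Step 1: check the per-flow cache; step 2: on a miss, ask the daemon and cache the answer."""
    def __init__(self, pm: PolicyManager):
        self.pm = pm
        self.cache = {}

    def decide(self, f: Flow) -> Policy:
        if f not in self.cache:
            self.cache[f] = self.pm.lookup(f)
        return self.cache[f]

def build_engine() -> KernelPolicyEngine:
    """Constructed sample policy DB; the final catch-all decides what unmatched traffic does."""
    return KernelPolicyEngine(PolicyManager([
        Policy("esp-to-dbnet", "10.1.0.0/16", "tcp", 1521, "secure", sa_id="QM-SA-7"),
        Policy("block-telnet", "0.0.0.0/0", "tcp", 23, "drop"),
        Policy("default-clear", "0.0.0.0/0", "any", None, "pass"),
    ]))
```

Because the catch-all here is "pass", any flow no earlier rule covers leaves in clear text, so when troubleshooting, check the daemon's policy order as well as the cached decision for the flow in question.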