HP-UX IPSec version A.02.00 Administrator's Guide
Troubleshooting HP-UX IPSec
Troubleshooting Procedures
• Queries the kernel Security Association (SA) engine for active
  IPSec/QM SAs on this system. If there is no peer IPSec system and/or
  no active IPSec/QM SAs, the kernel SA engine will respond that
  there are no IPSec/QM SAs to report. You can also do this by
  entering the command:
    ipsec_report -sad
• Queries the IKE daemon for ISAKMP/MM SAs. If there is no peer
  IPSec system or no IPSec traffic, the IKE daemon will respond that
  there are no ISAKMP/MM SAs to report. You can also do this by
  entering the following command:
    ipsec_report -mad
• Queries the policy daemon and reports the IKE policies. You can also
  do this by entering the following command:
    ipsec_report -ike
• Queries the policy daemon and reports the configured host IPSec
  policies. You can also do this by entering the following command:
    ipsec_report -host configured
• Queries the policy daemon and reports the active host IPSec policies.
  To create the list of active host IPSec policies, the policy daemon
  expands configured host IPSec policies with wildcard and subnet
  specifications for the active IP interfaces (configured UP or DOWN,
  plumbed) on the local system. The policy daemon also creates active
  host IPSec policies as needed for active traffic by expanding remote
  IP address specifications and any other wildcard field values. You
  can also do this by entering the following command:
    ipsec_report -host [active]
• Queries the policy daemon and reports the active gateway IPSec
  policies. You can also do this by entering the following command:
    ipsec_report -gateway [active]
• Queries the policy daemon and reports the tunnel IPSec policies. You
  can also do this by entering the following command:
    ipsec_report -tunnel
• Queries the policy daemon and reports the interfaces in the bypass
  list. You can also do this by entering the following command:
    ipsec_report -bypass
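
An added example (not part of the HP guide): a POSIX shell function that runs each ipsec_report query listed above and saves the results as a troubleshooting record, so SA and policy state can be compared before and after a change. The IPSEC_REPORT variable, the file labels and the MANIFEST layout are assumptions of this example; the explicit "active" argument is the optional value shown in brackets above.

```shell
#!/bin/sh
# Added example: snapshot every ipsec_report view listed above.
# IPSEC_REPORT (path override) and the output layout are assumptions.
IPSEC_REPORT="${IPSEC_REPORT:-ipsec_report}"

# One report per line, <file label>:<arguments>, taken from the list above.
REPORTS='sad:-sad
mad:-mad
ike:-ike
host_configured:-host configured
host_active:-host active
gateway_active:-gateway active
tunnel:-tunnel
bypass:-bypass'

# Usage: collect_ipsec_reports <output directory>
# Returns 0 only if every report command exited 0; 2 if the directory
# cannot be created. The body runs in a subshell so umask does not leak.
collect_ipsec_reports() (
    outdir="$1"
    failed=0
    umask 077                      # precaution: keep policy/SA state private
    mkdir -p "$outdir" || exit 2
    : > "$outdir/MANIFEST"
    while IFS=: read -r label args; do
        # $args is deliberately unquoted so "-host configured" becomes two words.
        "$IPSEC_REPORT" $args > "$outdir/$label.txt" 2> "$outdir/$label.err" < /dev/null
        rc=$?
        # Record the exact command and its exit status (127 = command not found).
        printf '%s\t%s %s\trc=%s\n' "$label" "$IPSEC_REPORT" "$args" "$rc" >> "$outdir/MANIFEST"
        [ "$rc" -eq 0 ] || failed=$((failed + 1))
    done <<EOF
$REPORTS
EOF
    [ "$failed" -eq 0 ]
)
```

Each report lands in its own file (for example sad.txt for the IPSec/QM SAs), and MANIFEST shows which queries failed, with the error text in the matching .err file.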