HP-UX IPSec version A.02.00 Administrator's Guide
Troubleshooting HP-UX IPSec
Reporting Problems
Chapter 5
Be sure to include the following information when reporting problems:
• A complete description of the problem and any error messages.
Include information about:
— the local system (IP addresses)
— IP addresses of relevant remote systems
— routing table information (netstat -rn output) if appropriate
Also include a description of what works as well as what does not work.
• Output from ipsec_admin -status.
• Output from ipsec_report -all.
• Output from ipsec_report -audit audit_file for additional audit
files. The ipsec_report -all output includes the contents of
the current audit file, but you may need to collect multiple audit files
to get all the records for a problem. HP-UX IPSec opens a new audit
file when the current file will exceed the maximum audit file size.
The default maximum audit file size is 100 Kbytes. You can change
the maximum audit file size using the
ipsec_admin -m[axsize] max_audit_file_size command.
• Output from ipsec_policy. Specify as many parameters as you can
(source IP address, source port, destination IP address, destination
port, protocol).
• If the problem may be caused by the transport or application layer,
enable layer four tracing (ipsec_admin -traceon), recreate the
problem, and then disable tracing (ipsec_admin -traceoff). Trace
output will be sent to /var/admin/ipsec/nettl.TRC0 and
/var/admin/ipsec/nettl.TRC, if nettl tracing is not already
enabled and directed to another file set.
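
The collection steps above, written as a POSIX shell function; this is an added example, not part of the HP guide. The function names, output file names and MANIFEST layout are assumptions, while the commands and trace paths are the ones named on this page. ipsec_policy is left out because its parameters depend on the traffic being investigated.

```sh
#!/bin/sh
# Added example (not from the HP guide). Function name, output file names and
# the MANIFEST layout are assumptions; commands and trace paths are the page's.

# run_capture NAME CMD [ARGS...]: save stdout+stderr to $OUTDIR/NAME.txt and
# record file, exit status and command line in MANIFEST. Never aborts the run.
run_capture() {
    name=$1; shift
    rc=0
    "$@" > "$OUTDIR/$name.txt" 2>&1 || rc=$?
    printf '%s\t%s\t%s\n' "$name.txt" "$rc" "$*" >> "$OUTDIR/MANIFEST"
}

# collect_ipsec_diag OUTDIR [older_audit_file ...]
# Runs in a subshell so the umask change does not leak into the caller.
collect_ipsec_diag() (
    OUTDIR=$1; shift
    umask 077    # the reports expose addresses, policy and audit records
    mkdir -p "$OUTDIR" || exit 1
    : > "$OUTDIR/MANIFEST"

    run_capture netstat_rn       netstat -rn
    run_capture ipsec_status     ipsec_admin -status
    run_capture ipsec_report_all ipsec_report -all

    # ipsec_report -all covers only the current audit file; older files that
    # hold records for the problem are passed as arguments.
    n=0
    for f in "$@"; do
        n=$((n + 1))
        if [ -r "$f" ]; then
            run_capture "audit_$n" ipsec_report -audit "$f"
        else
            printf '%s\t%s\t%s\n' "audit_$n.txt" missing "$f" >> "$OUTDIR/MANIFEST"
        fi
    done

    # Layer-four trace files exist only if ipsec_admin -traceon was used.
    for t in /var/admin/ipsec/nettl.TRC0 /var/admin/ipsec/nettl.TRC; do
        if [ -f "$t" ]; then
            cp -p "$t" "$OUTDIR/"
            printf '%s\t%s\t%s\n' "${t##*/}" copied "$t" >> "$OUTDIR/MANIFEST"
        fi
    done
)
```

A non-zero status in the second MANIFEST column marks a command that failed, so the report still shows what could not be collected.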
NOTE IP and ICMP tracing are still available when IPSec is running.
Packets secured with AH are still in clear text and the packet
contents are still visible through a nettl trace. The output format