HP-UX IPSec version A.02.00 Administrator's Guide
Troubleshooting HP-UX IPSec
Troubleshooting Scenarios
Symptoms
No error message or interruptions to user service, but no SAs are
established, or IPSec is passing packets that should be discarded to
upper layers.
Solution
Run the following commands:
    ipsec_report -sad      (check for IPSec/QM SAs)
    ipsec_policy           (determine the policy being used)
    ipsec_report -cache    (check the cached policy decisions)
    ipsec_report -host     (check for active host IPSec policies)
    ipsec_report -bypass   (verify that the local address is not in the bypass list)
Check the configuration file for incorrect addresses, order, or other
incorrect information.
If HP-UX IPSec is misconfigured to pass packets that it should
authenticate or encrypt, there will be no obvious external symptoms.
Check if HP-UX IPSec actually established SAs and is
encrypting/authenticating the packets. Check for IPSec/QM SAs using
the following commands:
    ipsec_report -sad
    ipsec_report -host
If there are no SAs for the IP packets that you expect and no user error,
HP-UX IPSec is probably misconfigured and passing packets it should
not. Check to see which IPSec policy is being used by running
ipsec_policy, or by executing the ipsec_report -cache and
ipsec_report -host commands.
Verify that the local IPv4 address is not in the bypass list
(ipsec_report -bypass).