HP-UX IPSec version A.02.00 manpages
ipsec_policy(1M) ipsec_policy(1M)
(HP-UX IPSec Software Required)
NAME
ipsec_policy - HP-UX IPSec policy tester program
SYNOPSIS
/usr/sbin/ipsec_policy [-sa|saddr src_ip_addr] [-da|daddr dst_ip_addr]
[-sp|sport src_port] [-dp|dport dst_port]
[-p|protocol ICMP|ICMPV6|IGMP|MH|TCP|UDP]
[-dir|direction out|in|forward|fwd]
DESCRIPTION
ipsec_policy is a utility program that allows the HP-UX IPSec Administrator to query the active policy
database to determine which host or gateway IPSec Policy will be used for an IP packet based on a
packet descriptor, or 5-tuple, and the direction. The packet descriptor consists of a source IP address,
source port number, destination IP address, destination port number, and network protocol. If the host
or gateway policy uses dynamic key Security Associations, ipsec_policy also displays the IKE policy
used. If the host or gateway policy uses a tunnel policy, ipsec_policy also displays the tunnel policy
used.
ipsec_policy requires the optional HP-UX IPSec software.
ipsec_policy can only be run by the root user.
Command-Line Arguments
ipsec_policy recognizes the following command-line options and arguments:
-sa|saddr src_ip_addr
Specifies the source IP address (src_ip_addr) of the packet. If the direction is out, this is the
local IP address. If the direction is in, this is the remote IP address. If the direction is forward
(for gateway IPSec policies), the gateway policy returned is the policy of the data path segment
for packets forwarded (not received) by the gateway with this source address (the data path
between the gateway and the destination).
Acceptable values: An IPv4 address in dotted-decimal notation or an IPv6 address in
colon-hexadecimal notation.
Default: If you omit the source address (-sa) and destination address (-da),
ipsec_policy uses the wildcard IPv4 address (0.0.0.0). If you omit the source address
but specify the destination address, ipsec_policy uses the wildcard IPv4 address or
wildcard IPv6 address (0::0) according to the type of IP address you specify for the destination
address.
-sp|sport src_port
Specifies the source port number (src_port) of the packet. If the direction is out, this is the
local port number. If the direction is in, this is the remote port number.
Range: An unsigned integer in the range 1 - 65535.
Default: Any port number (0).
If you are making a query for an outbound client-server application where the source port
number can be any user-space port, specify a "dummy" user-space port number for the source
port, such as 65535.
-da|daddr dst_ip_addr
Specifies the destination IP address (dst_ip_addr) of the packet. If the direction is out, this is
the remote IP address. If the direction is in, this is the local IP address. If the direction is
forward (for gateway IPSec policies), the gateway policy returned is the policy of the data path
segment for packets forwarded by the gateway to this destination address (the data path
between the gateway and the destination).
Acceptable values: An IPv4 address in dotted-decimal notation or an IPv6 address in
colon-hexadecimal notation.
Default: If you omit the source address (-sa) and destination address (-da),
ipsec_policy uses the wildcard IPv4 address (0.0.0.0). If you omit the destination
address but specify the source address, ipsec_policy uses the wildcard IPv4 address or
wildcard IPv6 address (0::0) according to the type of IP address you specify for the source
address.
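The following script is an added example, not part of the HP-UX manpage or of HP's software. It turns a list of flows that are expected to be protected into ipsec_policy queries using the options from the SYNOPSIS, checks ports against the documented 1 - 65535 range, and substitutes the dummy source port 65535 for outbound client queries. The helper names, the "-" and "client" conventions, and the sample flows are assumptions of this example; addresses are passed through unvalidated and the commands are only printed.

```sh
#!/bin/sh
# Added example, not HP-UX code: turn a list of expected flows into
# ipsec_policy queries. Dry run only; the commands are printed, not executed.
IPSEC_POLICY=/usr/sbin/ipsec_policy

# Succeeds if $1 is an integer in 1-65535, the range the manpage gives.
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_query DIR PROTO SRC SPORT DST DPORT   (hypothetical helper)
# "-" omits an option so ipsec_policy applies its documented default.
# SPORT "client" (a convention of this script) means "any user-space source
# port" and becomes the dummy port 65535 the manpage suggests.
build_query() {
    dir=$1 proto=$2 src=$3 sport=$4 dst=$5 dport=$6
    case "$dir" in
        out|in|forward|fwd) ;;
        *) echo "bad direction: $dir" >&2; return 1 ;;
    esac
    case "$proto" in
        -|ICMP|ICMPV6|IGMP|MH|TCP|UDP) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    if [ "$sport" = client ]; then sport=65535; fi
    for p in "$sport" "$dport"; do
        [ "$p" = - ] || valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    cmd=$IPSEC_POLICY
    [ "$src" = - ]   || cmd="$cmd -sa $src"
    [ "$sport" = - ] || cmd="$cmd -sp $sport"
    [ "$dst" = - ]   || cmd="$cmd -da $dst"
    [ "$dport" = - ] || cmd="$cmd -dp $dport"
    [ "$proto" = - ] || cmd="$cmd -p $proto"
    echo "$cmd -dir $dir"
}

# Constructed sample flows (documentation addresses):
# dir proto src sport dst dport; the last line has an out-of-range port.
while read -r f1 f2 f3 f4 f5 f6; do
    build_query "$f1" "$f2" "$f3" "$f4" "$f5" "$f6" || echo "# skipped: $f1 $f2 $f3 $f4 $f5 $f6"
done <<'EOF'
out TCP 192.0.2.10 client 192.0.2.20 22
in UDP 192.0.2.30 - 192.0.2.10 514
fwd TCP 2001:db8::10 client 2001:db8::20 443
in TCP - - 192.0.2.10 70000
EOF
```

Run each printed command as root on the HP-UX host and compare the policy it reports with the one the flow is supposed to match.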
38 Hewlett-Packard Company − 1 − HP-UX IPSec A.02.00