HP-UX IPSec version A.02.00 manpages
ipsec_report(1M) ipsec_report(1M)
(IPSec Software Required)
NAME
ipsec_report - report information about IPSec
SYNOPSIS
/usr/sbin/ipsec_report
[
-all
][
-bypass
][
-cache
][
-mad
][
-sad
][
-host
[
act|
active | conf | configured ]] [
-gw
|gateway [
act|
active
| conf|configured ]]
[
-tun
[nel
]] [
-ike
][
-ip
][
-audit
audit_file [
-entity
ipsec_admin | ipsec_report | ipsec_policy | ipsec_mgr | secauditd | ikmpd | secpolicyd]]
[-file
report_file ]
DESCRIPTION
The
ipsec_report utility reports information about the active HP-UX IPSec system, including data
from the Policy daemon, IKE (Internet Key Exchange) daemon, the IPSec kernel, and the contents of the
current active IPSec audit file.
The
ipsec_report
utility requires the optional HP-UX IPSec software. You must have superuser
capability to run
ipsec_report.
Command-Line Arguments
ipsec_report
accepts the following command-line arguments:
-all
Displays report information for all options. This is the default option when no options are
given to ipsec_report.
-mad
Displays the current ISAKMP or Main Mode Security Associations (ISAKMP/MM SAs) esta-
blished and recorded by ISAKMP.
-sad
Displays the current IPSec or Quick Mode SAs (IPSec/QM SAs) kept in the kernel Security
Association Engine database.
-ike
Displays the IKE policies kept by the Policy daemon.
-host [
active|configured
]
Displays the information about the active host IPSec policies kept by the Policy daemon (
-
host active
or -host), or displays the information about the configured host IPSec Poli-
cies (-host configured). An active host IPSec policy is a policy that is associated with an
active IP interface (a configured IP interface, up or down).
-gateway
[active|configured
]
Displays the information about the active gateway IPSec policies kept by the Policy daemon
(
-gateway active or -gateway
), or displays the information about the configured gate-
way IPSec Policies (
-gateway configured
). An active gateway IPSec policy is a policy
that either does not use a tunnel, or one that uses a tunnel and the tunnel source address is an
active IP interface (a configured IP interface, up or down).
-tun[nel]
Displays the information about tunnel IPSec policies kept by the Policy daemon.
-ip
Display the active IP interfaces (the IP interfaces configured in the system). An active inter-
face is an interface that is configured in the system with a non-zero IP address, and can be up
or down. Note that if you unplumb or remove the address for an interface by assigning it an
all-zero IP address, ipsec_report
may still show the interface in the active interface list
for 30 seconds, but after 30 seconds, HP-UX IPSec removes it from the active interface list.
-bypass
Display the configured bypass list kept by the Policy daemon.
-audit audit_file [-entity entity]
Displays the contents of audit_file, an IPSec audit file. Use the command ipsec_admin
-status to determine the current IPSec audit file.
-entity ikmpd|ipsec_admin|ipsec_mgr|ipsec_policy|ipsec_report|secauditd|secpolicyd
Display the audit records only for the specified entity. This option must be used with -audit
option.
HP-UX IPSec A.02.00 − 1 − Hewlett-Packard Company 41