HP-UX IPSec version A.02.00 manpages

ipsec_report(1M) ipsec_report(1M)
(IPSec Software Required)
SA Pair Number n
(The SA information is only present for outbound entries created for SAs.) Internal index of
the SA pair used for this packet. Normally there is only one SA pair, and its label is SA Pair
Number 1. However, a packet with a nested transform (an ESP nested within an AH) or one that is
sent through a tunnel would require multiple SAs, and the entry then lists one SA pair for each.
SA Type
Indicates the IPSec transform for this SA. Possible values are AH (Authentication Header) and
ESP (Encapsulating Security Payload).
Encryption Algorithm
(This field is only present if the Security Association Type is ESP.) The encryption algorithm
used for the SA, as negotiated with the remote system.
Authentication Algorithm
(This field is only present if the Security Association Type is AH or authenticated ESP.) The
authentication algorithm used for the SA, as negotiated with the remote system.
Outbound SPI and Inbound SPI
The Security Parameters Index (SPI), a 32-bit value shown here in hex. The SPI is carried in the
IPSec AH or ESP protocol header transmitted to the remote system. The SPI is also used to index
IPSec SA entries in the kernel Security Association database.
The inbound rule entries do not contain SA information because the system will receive these
packets with a Security Parameters Index (SPI) in the Authentication Header (AH) or Encapsulating
Security Payload (ESP) header. HP-UX IPSec uses the SPI to find an entry in the kernel Security
Association database and does not query the Policy Manager for inbound packets.
The ipsec_report -host active command displays all the outbound rules, then the inbound rules.
------------------- Active Host Policy Rule ---------------------
Rule Name: telnet_in ID: 5 Priority: 10
Src IP Addr: 192.1.1.1 Prefix: 32 Port number: 23
Dst IP Addr: 192.1.1.0 Prefix: 24 Port number: 0
Network Protocol: TCP Direction: outbound
Action: Dynamic key SA FLAGS: EXCLUSIVE
Number of SA(s) Needed: 1 Pair(s)
Active Sessions Created: 1
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
------------------- Active Host Policy Rule ---------------------
Rule Name: telnet_in ID: 5 Cookie: 3 Priority: 10
Src IP Addr: 192.1.1.1 Prefix: 32 Port number: 23
Dst IP Addr: 192.1.1.3 Prefix: 32 Port number: 56122
Network Protocol: TCP Direction: outbound
Action: Dynamic key SA State: Ready
FLAGS: EXCLUSIVE
Number of SA(s) Needed: 1 Pair(s)
Number of SA(s) Created: 1 Pair(s)
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
-- SA Pair Number 1 --
SA Type: ESP
Encryption Algorithm: AES128-CBC
Authentication Algorithm: HMAC-SHA1
Outbound SPI (hex): 1FE472
Inbound SPI (hex): 241988
------------------- Active Host Policy Rule ---------------------
Rule Name: telnet_in ID: 5 Priority: 10
Src IP Addr: 192.1.1.0 Prefix: 24 Port number: 0
Dst IP Addr: 192.1.1.1 Prefix: 32 Port number: 23
44 Hewlett-Packard Company 4 HP-UX IPSec A.02.00
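As an added example (not part of this manpage and not HP-UX IPSec code), the following Python script parses the text of ipsec_report -host active as shown above, keeps the outbound entries that carry SA pairs apart from the inbound entries that carry none, and answers the question the kernel answers on the inbound path: which SA does a received SPI belong to. It also runs a few checks a practitioner would want over the active policy (an inbound entry that unexpectedly lists SA pairs, an ESP SA with no authentication algorithm, an inbound SPI used by more than one pair). The report text embedded in the script is constructed from the manpage's sample; the truncated final inbound rule is completed with one constructed Direction line, and the label list, the check names and the lookup function are the example's own, not options or output of ipsec_report.

```python
"""Parse `ipsec_report -host active` text and index its SA pairs by SPI.
Added example, not from the HP-UX IPSec manpage or product; runs offline."""
import re

# Constructed from the manpage's sample output. The final (inbound) rule is
# cut off on the page; its "Direction: inbound" line is constructed here.
SAMPLE_REPORT = """\
------------------- Active Host Policy Rule ---------------------
Rule Name: telnet_in ID: 5 Priority: 10
Src IP Addr: 192.1.1.1 Prefix: 32 Port number: 23
Dst IP Addr: 192.1.1.0 Prefix: 24 Port number: 0
Network Protocol: TCP Direction: outbound
Action: Dynamic key SA FLAGS: EXCLUSIVE
Number of SA(s) Needed: 1 Pair(s)
Active Sessions Created: 1
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
------------------- Active Host Policy Rule ---------------------
Rule Name: telnet_in ID: 5 Cookie: 3 Priority: 10
Src IP Addr: 192.1.1.1 Prefix: 32 Port number: 23
Dst IP Addr: 192.1.1.3 Prefix: 32 Port number: 56122
Network Protocol: TCP Direction: outbound
Action: Dynamic key SA State: Ready
FLAGS: EXCLUSIVE
Number of SA(s) Needed: 1 Pair(s)
Number of SA(s) Created: 1 Pair(s)
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
-- SA Pair Number 1 --
SA Type: ESP
Encryption Algorithm: AES128-CBC
Authentication Algorithm: HMAC-SHA1
Outbound SPI (hex): 1FE472
Inbound SPI (hex): 241988
------------------- Active Host Policy Rule ---------------------
Rule Name: telnet_in ID: 5 Priority: 10
Src IP Addr: 192.1.1.0 Prefix: 24 Port number: 0
Dst IP Addr: 192.1.1.1 Prefix: 32 Port number: 23
Network Protocol: TCP Direction: inbound
"""

# Labels documented in the manpage's sample; longest first so "Src IP Addr" beats "ID".
KEYS = ["Rule Name", "ID", "Cookie", "Priority", "Src IP Addr", "Dst IP Addr", "Prefix",
        "Port number", "Network Protocol", "Direction", "Action", "State", "FLAGS",
        "Number of SA(s) Needed", "Number of SA(s) Created", "Active Sessions Created",
        "Transform", "Lifetime Seconds", "Lifetime Kbytes", "SA Type", "Encryption Algorithm",
        "Authentication Algorithm", "Outbound SPI (hex)", "Inbound SPI (hex)"]
KEY_ALT = "|".join([re.escape(k) for k in sorted(KEYS, key=len, reverse=True)]
                   + [r"Proposal \d+"])
# Several "Label: value" pairs share one line; a value ends where the next label starts.
PAIR_RE = re.compile(rf"(?P<key>{KEY_ALT}):\s*(?P<val>.*?)(?=\s*(?:{KEY_ALT}):|$)")
RULE_SEP = re.compile(r"^-+ Active Host Policy Rule -+$", re.M)
SA_SEP = re.compile(r"^-- SA Pair Number (\d+) --$", re.M)


def parse_fields(text):
    """Collect the 'Label: value' pairs of a block of report lines into a dict."""
    fields = {}
    for line in text.splitlines():
        pairs = [(m["key"], m["val"]) for m in PAIR_RE.finditer(line.strip())]
        # Prefix and Port number occur on both the Src and Dst lines; qualify them.
        if pairs and pairs[0][0] in ("Src IP Addr", "Dst IP Addr"):
            side = pairs[0][0][:3]
            pairs = pairs[:1] + [(f"{side} {k}", v) for k, v in pairs[1:]]
        fields.update((k, v) for k, v in pairs if v)
    return fields


def parse_report(text):
    """Rules in report order (outbound first, then inbound); only outbound entries carry pairs."""
    rules = []
    for block in RULE_SEP.split(text):
        if block.strip():
            parts = SA_SEP.split(block)  # [rule_text, num1, sa_text1, num2, sa_text2, ...]
            pairs = [{"number": int(n), **parse_fields(t)}
                     for n, t in zip(parts[1::2], parts[2::2])]
            rules.append({"fields": parse_fields(parts[0]), "sa_pairs": pairs})
    return rules


def lookup_inbound_spi(rules, spi):
    """What the kernel does for a received AH/ESP packet: match it to an SA by the
    SPI in the header, not by a policy lookup. Returns (rule, pair) or None."""
    for rule in rules:
        for sa in rule["sa_pairs"]:
            if int(sa.get("Inbound SPI (hex)", "0"), 16) == spi:
                return rule, sa
    return None


def audit(rules):
    """Checks worth running over the active policy; returns a list of findings."""
    findings, seen = [], {}
    for rule in rules:
        name = rule["fields"].get("Rule Name", "?")
        if rule["fields"].get("Direction") == "inbound" and rule["sa_pairs"]:
            findings.append(f"{name}: inbound entry unexpectedly carries SA pairs")
        for sa in rule["sa_pairs"]:
            # ESP with no authentication algorithm is confidentiality without integrity.
            if sa.get("SA Type") == "ESP" and "Authentication Algorithm" not in sa:
                findings.append(f"{name} pair {sa['number']}: unauthenticated ESP")
            # The kernel indexes inbound SAs by SPI, so a duplicate is ambiguous.
            spi = int(sa.get("Inbound SPI (hex)", "0"), 16)
            if spi in seen:
                findings.append(f"{name} pair {sa['number']}: inbound SPI {spi:x} reused")
            seen[spi] = name
    return findings
```

To check a real host, pass the saved output of ipsec_report -host active to parse_report instead of SAMPLE_REPORT. The label list (KEYS) covers only the fields this manpage documents; a label it does not know is not an error, but its text ends up appended to the preceding value, so extend KEYS before trusting the parse of a report with additional fields.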