HP-UX IPSec version A.02.00 manpages
ipsec_report(1M) ipsec_report(1M)
(IPSec Software Required)
Fields are defined as follows:
Cache Policy Record
An integer used internally by HP-UX IPSec to index the entries.
Cookie
An integer used to cross-reference entries in the cache and policy tables kept by the Policy daemon.
All cache entries based on the same active policy entry will have the same cookie value.
Src IP Address
The source IP address.
Src Port number
The source port number for the upper-layer protocol. In this example, it is the TCP port
number.
Dst IP Address
The destination IP address.
Dst Port number
The destination port number for the upper-layer protocol. In this example, it is the TCP port
number and it is the well-known port for the telnet service (23).
Network Protocol
The upper-layer protocol in the IP header.
Direction
Indicates if this cache entry is for inbound (packets received by the local system) or outbound
(packets sent from the local system) packets.
Action
Indicates the action or transform applied to packets matching this entry. Possible values are
Secure (authenticate and/or encrypt using an IPSec transform: Authentication Header, AH,
and/or Encapsulating Security Payload, ESP), Pass (pass in clear text), or Discard (discard
the packet).
If the action (Action) is Secure, and the direction is outbound, the entry will have information about
the IPSec Security Associations (SAs) established for packets matching the 5-tuple for this entry.
The SA fields are defined as follows:
SA Number
Internal index for the SA for this packet. Normally, there is only one SA and this label is
SA Number 1. However, a packet with a nested transform (an ESP nested within an AH) or one
that is sent through a tunnel would require multiple SAs.
State
Indicates the state of the SA. Possible values are SA Created (indicates that the SA has
been established and is active) and SA Requested (indicates that this SA is in the process of
being created).
Security Association Type
Indicates the IPSec transform for this SA. Possible values are AH (Authentication Header) and
ESP (Encapsulating Security Payload).
Tunnel SA
Indicates if the SA is being used to send the packet through an IPSec tunnel.
SPI
The Security Parameters Index (SPI). The SPI is included in the IPSec AH or ESP protocol
header transmitted to the remote system. The SPI is also used to index IPSec SA entries in the
kernel Security Association database.
Src IP Address
The source IP address that will be used in the IP header. This may be different than the
original source IP address if tunneling is being used.
Dst IP Address
The destination IP address that will be used in the IP header. This may be different than the
original destination IP address if tunneling is being used.
The ipsec_report -cache command displays the following report:
HP-UX IPSec A.02.00 − 7 − Hewlett-Packard Company 47