HP-UX IPSec version A.02.00 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_report(1M) ipsec_report(1M)

(IPSec Software Required)

--- Current Lifetimes ---

bytes processed: 3384

addtime (seconds): 14

usetime (seconds): 12

--- Hard Lifetimes ---

bytes processed: 0

addtime (seconds): 28800

usetime (seconds): 28800

------------------------

IPSec SA ------------------------

Sequence number: 2

SPI (hex): 241988 State: MATURE

SA Type: ESP with AES128-CBC encryption and HMAC-SHA1 authentication

Src IP Addr: 192.1.1.3 Dst IP Addr: 192.1.1.1

--- Current Lifetimes ---

bytes processed: 1648

addtime (seconds): 14

usetime (seconds): 12

--- Hard Lifetimes ---

bytes processed: 0

addtime (seconds): 28800

usetime (seconds): 28800

REPORT: ipsec_report -mad

The

-mad

option displays the ISAKMP Main Mode SA entries, which contain information about ISAKMP

or "Main Mode" Security Associations (SAs) established by the IKE daemon (ikmpd).

Fields are deﬁned as follows:

Sequence Number

An integer used internally by the IKE daemon to index the entries.

Role

Indicates if the local system initiated the ISAKMP SA (

Initiator

) or responded to a remote

request to establish the ISAKMP SA (

Responder

Local IP Address

The local IP address.

Remote IP Address

The remote (peer) IP address.

Oakley Group

The Oakley Group determines the numeric base for values used in the Difﬁe-Hellman

exchange of the ISAKMP protocol. Possible values are deﬁned in the Oakley Key Determina-

tion protocol speciﬁcation (RFC 2412) and include

1 (768-bit prime, Modular Exponentiation,

MODP) and

(1024-bit prime, MODP).

Authentication Method

The method used by the two ISAKMP entities to verify each other’s identity, also known as pri-

mary authentication. Possible values include

Pre-sharedKeys and RSA signature

Authentication Algorithm

The algorithm used to authenticate the ISAKMP protocol messages after the initial exchange.

Encryption Algorithm

The algorithm used to encrypt the ISAKMP protocol messages after the initial exchange.

Quick Modes Processed

This indicates the number times the ISAKMP SA was used to negotiate a pair of IPSec SAs

(each Quick Mode negotiation results in a pair of IPSec SAs).

Lifetime

The maximum lifetime for the ISAKMP SA, in seconds, as negotiated with the remote ISAKMP

entity. If this lifetime is exceeded, the ISAKMP SA is deleted.

The

ipsec_report -mad command displays the following report:

HP-UX IPSec A.02.00 − 9 − Hewlett-Packard Company 49