HP-UX IPSec version A.02.01 Administrator's Guide
Troubleshooting HP-UX IPSec
Troubleshooting Procedures
Chapter 7 203
Troubleshooting Procedures
This section describes the following troubleshooting procedures:
• “Checking Status” on page 203
• “Isolating HP-UX IPSec Problems from Upper-layer Problems” on
page 205
• “Checking Policy Configuration” on page 206
• “Isolating HP-UX IPSec Problems from Upper-layer Problems” on
page 205
• “Checking Policy Configuration” on page 206
• “Configuring HP-UX IPSec Auditing” on page 207
Checking Status
HP-UX IPSec has five main modules:
• IKE (ISAKMP/Oakley) daemon (ikmpd)
• Policy daemon (secpolicyd)
• Audit daemon (secauditd)
• Kernel Policy engine
• Kernel Security Association engine
The following command verifies the status of these modules:
ipsec_admin -status
This command sends status check messages to the IPsec daemons and
checks kernel parameters to see if the kernel IPsec components are
enabled.
You can also use the following command to get status information:
ipsec_report -all [-file
filename
]
This command will show some HP-UX IPSec activity even if there is no
peer system running HP-UX IPSec. The -file option saves the output to
the specified filename. This command performs the following tasks: