HP-UX IPSec version A.02.01 Administrator's Guide
Troubleshooting HP-UX IPSec
Troubleshooting Procedures
Chapter 7
• Queries the kernel Security Association (SA) engine for active IPsec
SAs on this system. If there is no peer IPsec system and/or no active
IPsec SAs, the kernel SA engine will respond that there are no IPsec
SAs to report. You can also do this by entering the command:
ipsec_report -sa ipsec
• Queries the IKE daemon for IKE SAs. If there is no peer IPsec
system or no IPsec traffic, the IKE daemon will respond that there
are no IKE SAs to report. You can also do this by entering the
following command:
ipsec_report -sa ike
• Queries the policy daemon and reports the IKE policies. You can also
do this by entering the following command:
ipsec_report -ike
• Queries the policy daemon and reports the configured host IPsec
policies. You can also do this by entering the following command:
ipsec_report -host configured
• Queries the policy daemon and reports the active host IPsec policies.
To create the list of active host IPsec policies, the policy daemon
expands configured host IPsec policies with wildcard and subnet
specifications for the active IP interfaces (configured UP or DOWN,
plumbed) on the local system. The policy daemon also creates active
host IPsec policies as needed for active traffic by expanding remote
IP address specifications and any other wildcard field values. You
can also do this by entering the following command:
ipsec_report -host [active]
• Queries the policy daemon and reports the active gateway IPsec
policies. You can also do this by entering the following command:
ipsec_report -gateway [active]
• Queries the policy daemon and reports the tunnel IPsec policies. You
can also do this by entering the following command:
ipsec_report -tunnel
• Queries the policy daemon and reports the interfaces in the bypass
list. You can also do this by entering the following command:
ipsec_report -bypass
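
The individual reports listed above can be captured in one pass so that SA state and policy views are recorded from the same moment. The following script is an added example, not part of the HP guide. It uses only the ipsec_report arguments shown on this page; the output file names, the directory layout, and the IPSEC_REPORT override variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the HP-UX guide): snapshot every ipsec_report view
# listed on this page. File names, directory layout and the IPSEC_REPORT
# override variable are hypothetical.
IPSEC_REPORT=${IPSEC_REPORT:-ipsec_report}

# One "name:arguments" pair per line; the arguments are those shown on this page.
REPORTS='sa_ipsec:-sa ipsec
sa_ike:-sa ike
ike_policies:-ike
host_configured:-host configured
host_active:-host active
gateway_active:-gateway active
tunnel:-tunnel
bypass:-bypass'

# collect_ipsec_reports DIR
# Writes DIR/<name>.txt per report and DIR/status.log with each exit code.
# Exit status is the number of reports that failed (0 = all succeeded).
# The body runs in a subshell so umask and IFS changes do not leak to the caller.
collect_ipsec_reports() (
    outdir=$1
    failed=0
    umask 077                        # SA and policy listings are sensitive
    mkdir -p "$outdir" || exit 255
    : > "$outdir/status.log"
    IFS='
'                                    # split $REPORTS on newlines only
    for entry in $REPORTS; do
        IFS=' '                      # back to space so "-sa ipsec" is two words
        name=${entry%%:*}
        args=${entry#*:}
        rc=0
        # $args is deliberately unquoted so it word-splits into arguments.
        $IPSEC_REPORT $args > "$outdir/$name.txt" 2>&1 || rc=$?
        echo "$name rc=$rc" >> "$outdir/status.log"
        [ "$rc" -eq 0 ] || failed=$((failed + 1))
    done
    exit "$failed"
)

# Usage: collect_ipsec_reports /var/tmp/ipsec-snapshot
```

A non-zero entry in status.log shows which query failed, which helps separate a problem in one daemon or the kernel SA engine from the others.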