HP-UX IPSec version A.02.01 Administrator's Guide
Troubleshooting HP-UX IPSec
Troubleshooting Procedures
Chapter 7 207
host policy on 192.1.1.1 is misconfigured, so the system sends the packets
in clear text. The output from the ipsec_report -cache command
shows the following entry:
-------------------Cache Policy Rule -----------------------
Cache Policy Record: 9 Cookie: 1
Src IP Address: 192.1.1.1 Src Port number: 56122
Dst IP Address: 192.1.1.3 Dst Port number: 23
Network Protocol: TCP Direction: outbound
Action: Pass
The output from the ipsec_report -host command shows the following
entry. In this configuration, Cookie 1 corresponds to the default host
IPSec policy, with the action PASS.
---------------- Active Host Policy Rule -------------------
Rule Name: default ID: 1 Cookie: 1
Action: Pass
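The cookie correlation described above can be scripted over saved report output. This is an added example, not part of the HP guide: the function names are hypothetical, and it assumes reports laid out like the two excerpts shown, with each value a single token without whitespace.

```python
import re

# Constructed input: the two report excerpts shown above, saved as text.
CACHE_REPORT = """\
-------------------Cache Policy Rule -----------------------
Cache Policy Record: 9 Cookie: 1
Src IP Address: 192.1.1.1 Src Port number: 56122
Dst IP Address: 192.1.1.3 Dst Port number: 23
Network Protocol: TCP Direction: outbound
Action: Pass
"""
HOST_REPORT = """\
---------------- Active Host Policy Rule -------------------
Rule Name: default ID: 1 Cookie: 1
Action: Pass
"""
# Assumption: every field is "Label: value" and the value has no whitespace.
FIELD = re.compile(r"([A-Za-z][A-Za-z ]*?):\s*(\S+)")

def parse_records(report):
    """Split a report into one dict per dashed banner line."""
    records = []
    for line in report.splitlines():
        if line.startswith("---"):
            records.append({})
        elif records:
            records[-1].update(FIELD.findall(line))
    return [r for r in records if r]

def cleartext_flows(cache_report, host_report):
    """List cached flows with action Pass and the host rule their cookie maps to."""
    rules = {r.get("Cookie"): r for r in parse_records(host_report)}
    findings = []
    for e in parse_records(cache_report):
        if e.get("Action", "").lower() != "pass":
            continue
        findings.append({
            "src": f"{e.get('Src IP Address')}:{e.get('Src Port number')}",
            "dst": f"{e.get('Dst IP Address')}:{e.get('Dst Port number')}",
            "protocol": e.get("Network Protocol"),
            "direction": e.get("Direction"),
            "cookie": e.get("Cookie"),
            "rule": rules.get(e.get("Cookie"), {}).get("Rule Name", "unknown"),
        })
    return findings

if __name__ == "__main__":
    for f in cleartext_flows(CACHE_REPORT, HOST_REPORT):
        print(f)
```

A flow reported with rule "unknown" means its cookie did not match any rule in the host report that was supplied.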
Configuring HP-UX IPSec Auditing
You can configure or set the following HP-UX IPSec audit parameters:
• audit level
• audit directory
• maximum audit file size
You can change the audit parameters while HP-UX IPSec is active using
the ipsec_admin command. To change the audit parameters used every
time HP-UX IPSec starts, use the ipsec_config add startup
command. You can also specify audit parameters with the ipsec_admin
start command.
Audit Level
The HP-UX IPSec audit levels are defined as follows:
• alert: Alert audit entries report events that may require
administrator attention, including security violations and attacks,
password violations, errors that may prevent correct operation of the
product, any error condition that is not recoverable, authentication
problems, significant changes in security parameters, unknown
message types, and changing of the HP-UX IPSec password or audit
level.