HP-UX IPSec version A.02.01 Administrator's Guide
Troubleshooting HP-UX IPSec
Reporting Problems
Chapter 7 211
Reporting Problems
Be sure to include the following information when reporting problems:
• A complete description of the problem and any error messages.
Include information about:
— the local system (IP addresses)
— IP addresses of relevant remote systems
— routing table information (netstat -rn output) if appropriate
Also include a description of what works as well as what does not
work.
•Output from ipsec_admin -status.
•Output from ipsec_report -all.
•Output from ipsec_report -audit
audit_file
for additional
audit files. The ipsec_report -all output includes the contents of
the current audit file, but you may need to collect multiple audit files
to get all the records for a problem. HP-UX IPSec opens a new audit
file when the current file will exceed the maximum audit file size.
The default maximum audit file size is 100 Kbytes. You can change
the maximum audit file size using the ipsec_admin -m[axsize]
max_audit_file_size
command.
If you can reproduce the problem, set the audit level to informative
or debug, and set the maximum audit file size to a large value, such
as 99,999 kilobytes. For example, you can enter the following
commands before reproducing the problem:
ipsec_admin -maxsize 99999
ipsec_admin -auditlvl informative
•Output from ipsec_policy. Specify as many parameters as you can
(source IP address, source port, destination IP address, destination
port, protocol).
• If the problem may be caused by the transport or application layer,
enable layer four tracing (ipsec_admin -traceon), recreate the
problem, and then disable tracing (ipsec_admin -traceoff). Trace