HP-UX IPSec version A.02.01 Administrator's Guide

Troubleshooting HP-UX IPSec
Reporting Problems
Chapter 7
output will be sent to /var/admin/ipsec/nettl.TRC0 and
/var/admin/ipsec/nettl.TRC, if nettl tracing is not already
enabled and directed to another file set.
NOTE: IP and ICMP tracing are still available when IPSec is running. Packets secured with AH are still in clear text, so the packet contents remain visible in a nettl trace. netfmt can parse only the IP header; it displays any data following the IP header as hexadecimal values.
Relevant configuration files:

    HP-UX IPSec configuration database:
        /var/adm/ipsec/config.db

    A formatted listing of the configuration database. Use the following command to get a listing:
        ipsec_config show all

    Security certificate files, if you are using them:
        /var/adm/ipsec/cainfo.txt
        /var/adm/ipsec/ipsec.cert
        /var/adm/ipsec/ipsec.key

    IP configuration file:
        /etc/rc.config.d/netconf

If the problem is reproducible, recreate it with the audit level set to informative.

Run the following ndd commands:
    ndd -get /dev/ip ip_ipsec_polist
    ndd -get /dev/ip ip_ipsec_salist
    ndd -get /dev/ip ip_ipsec_status
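
The NOTE above says that AH-secured packets stay in clear text and that netfmt shows everything after the IP header only as hexadecimal values. The following Python code is an added example, not part of the HP guide: it decodes those bytes as an AH header (field layout per RFC 4302) and recovers the readable TCP payload behind it. The hex sample and the function names are constructed for illustration, and the input is assumed to be the plain hex octets following the IP header, not netfmt's exact output layout.

```python
import struct

# Constructed sample (not captured traffic): the bytes after the IP header of
# an AH-protected TCP segment, written as hex text like a trace formatter shows.
SAMPLE_HEX = """
06 04 00 00 00 00 10 01 00 00 00 07
a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac
04 d2 00 17 00 00 00 01 00 00 00 00 50 18 20 00 00 00 00 00
6c 6f 67 69 6e 3a 20
"""

def hex_to_bytes(text: str) -> bytes:
    """Turn whitespace-separated hex octets into bytes."""
    return bytes.fromhex("".join(text.split()))

def parse_ah(data: bytes) -> dict:
    """Decode the AH fields (RFC 4302) and return the data AH leaves readable."""
    if len(data) < 12:
        raise ValueError("truncated AH header")
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    ah_len = (payload_len + 2) * 4  # Payload Len counts 32-bit words minus 2
    if ah_len < 12 or ah_len > len(data):
        raise ValueError("AH Payload Len does not match the available data")
    return {
        "next_header": next_header,  # protocol number of the data after AH
        "spi": spi,                  # identifies the security association
        "sequence": seq,             # anti-replay counter
        "icv": data[12:ah_len],      # integrity check value
        "payload": data[ah_len:],    # authenticated but not encrypted
    }

def tcp_payload(segment: bytes) -> bytes:
    """Return the application bytes of a TCP segment, skipping header and options."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4  # data offset, in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad TCP data offset")
    return segment[header_len:]

if __name__ == "__main__":
    ah = parse_ah(hex_to_bytes(SAMPLE_HEX))
    print(f"SPI=0x{ah['spi']:08x} seq={ah['sequence']} next_header={ah['next_header']}")
    if ah["next_header"] == 6:  # 6 = TCP
        print("clear-text payload:", tcp_payload(ah["payload"]))
```

Because the payload decodes this easily, a nettl trace taken on an AH-only association carries application data and should be handled as sensitive when it is attached to a problem report.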