HP-UX IPSec version A.02.01 Administrator's Guide

Troubleshooting HP-UX IPSec
Troubleshooting Scenarios
Chapter 7
Symptoms
Link errors (unable to connect) and ipsec_report -sa ipsec shows
no IPsec SAs.
Solution
Determine if IKE SA negotiations are succeeding. Run the following
commands:
ipsec_report -sa ike
ipsec_report -audit file
Check for Main Mode processing failed and MM negotiation timeout
error messages in the log file.
Additional Information
If HP-UX IPSec is configured to encrypt or authenticate traffic but is
failing, the failure appears to the user as a connection error (unable to
connect or connection timed out).
If users are consistently getting connection errors for traffic that should
use HP-UX IPSec for encryption or authentication, check for IPsec SAs
using the following commands:
ipsec_report -sa ipsec
ipsec_report -host
Determine if IPsec is successfully creating the IKE SA. Check for IKE
SAs using the following command:
ipsec_report -sa ike
If there is no IKE SA, check the audit log for failed attempts to establish
IKE SAs using the following command:
ipsec_report -audit /var/adm/ipsec/auditdateinfo.log
Check the log file for IKMPD Main Mode processing failed error
entries such as the following:
Msg: 31 From: IKMPD LVL: ERROR Date: Wed Oct 31 11:44:10 2001
Event: Phase 1 MM processing failed
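The audit-log check above can be scripted. The following is an added example, not part of the HP guide: a shell filter that reads formatted audit text and lists IKMPD ERROR entries for Main Mode failures. It assumes that ipsec_report -audit writes entries to standard output in the two-line layout shown above and that timeout entries contain the phrase "MM negotiation timeout"; the function names and the sample entries other than Msg 31 are constructed.

```shell
#!/bin/sh
# Added example: list IKE Phase 1 (Main Mode) failures from audit text.
# Assumed entry layout, taken from the single entry shown in the guide:
#   Msg: <n> From: <daemon> LVL: <level> Date: <date>
#   Event: <text>

# Constructed sample input. Only the Msg 31 entry comes from the guide; the
# other entries (including the INFO level and event wording) are illustrative.
sample_audit() {
    cat <<'EOF'
Msg: 30 From: IKMPD LVL: INFO Date: Wed Oct 31 11:44:05 2001
Event: constructed informational entry
Msg: 31 From: IKMPD LVL: ERROR Date: Wed Oct 31 11:44:10 2001
Event: Phase 1 MM processing failed
Msg: 32 From: IKMPD LVL: ERROR Date: Wed Oct 31 11:45:12 2001
Event: MM negotiation timeout
EOF
}

# Reads audit text on stdin and prints "<date> | <event>" for each match.
# Exit status is 0 if at least one failure was found, 1 otherwise (like grep).
ike_mm_failures() {
    awk '
    /^Msg: / {
        # Header line: keep daemon, level and date for the Event line below.
        from = ""; lvl = ""; date = ""
        for (i = 1; i < NF; i++) {
            if ($i == "From:") from = $(i + 1)
            if ($i == "LVL:")  lvl  = $(i + 1)
        }
        p = index($0, "Date: ")
        if (p > 0) date = substr($0, p + 6)
        next
    }
    /^Event: / {
        event = substr($0, 8)
        if (from == "IKMPD" && lvl == "ERROR" &&
            (event ~ /MM processing failed/ || event ~ /MM negotiation timeout/)) {
            print date " | " event
            n++
        }
    }
    END { exit (n > 0 ? 0 : 1) }
    '
}

# Demo on the constructed sample; on a real system pipe ipsec_report -audit
# output into ike_mm_failures instead (assumes it prints to stdout).
sample_audit | ike_mm_failures
```

If the filter lists failures while ipsec_report -sa ike shows no IKE SA, the timestamps show when the Main Mode attempts were made.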
Also check the log file for MM negotiation timeout error entries such as
the following: