HP-UX IPSec version A.02.01 Administrator's Guide

Troubleshooting HP-UX IPSec
Troubleshooting Scenarios
nettl -ss
The default STREAMS log classes are error and disaster. If the
STREAMS log classes do not include the error and disaster classes,
use the nettl command to set them. You can do this by executing a
command similar to the following command:
nettl -log e d -e streams
2. Format the current nettl log file. You can do this by executing a
command similar to the following command:
netfmt /var/adm/nettl.LOG000 > my_log_output
3. If the STREAMS log classes did not previously include the error and
disaster classes, re-create the manual key problem.
4. Examine the output and search for records logged by HP-UX IPSec
streams modules. Search for the string ipsec.
You may see entries similar to the following, which indicate
mismatched cryptographic keys in an inbound packet:
24 01:36:26 78194680 1 T.. 0 0 ipsec_ip_rput_local_esp:
Can't pullup pad/protocol (1 76 185)
25 01:36:30 78194986 1 T.. 0 0 ipsec_ip_rput_local_esp:
Padding checks failed
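The search in step 4, as an added example (not part of the HP guide): a POSIX sh function that rejoins wrapped netfmt records, keeps those containing ipsec, and flags the two ipsec_ip_rput_local_esp messages shown above. The record layout is assumed from those two entries; the function names and the first and last sample records are constructed.

```shell
#!/bin/sh
# Added example, not HP code. Assumed layout (taken from the two entries
# shown in the guide): a record starts with "<seq> <hh:mm:ss> ..." and its
# message text may wrap onto the following line.

sample_netfmt_output() {
# Constructed sample; records 24 and 25 are the entries quoted in the guide.
cat <<'EOF'
23 01:36:20 78194001 1 T.. 0 0 strlog_example: unrelated STREAMS record
24 01:36:26 78194680 1 T.. 0 0 ipsec_ip_rput_local_esp:
Can't pullup pad/protocol (1 76 185)
25 01:36:30 78194986 1 T.. 0 0 ipsec_ip_rput_local_esp:
Padding checks failed
26 01:36:31 78195002 1 T.. 0 0 ipsec_example_fn: unrelated ipsec record
EOF
}

ipsec_esp_key_hints() {
    # Reads formatted log text from the named file(s), or stdin if none given.
    awk '
    function emit_rec() {
        if (rec != "" && rec ~ /ipsec/) {
            total++
            if (rec ~ /ipsec_ip_rput_local_esp:/ &&
                (index(rec, "Padding checks failed") ||
                 index(rec, "pullup pad/protocol"))) {
                hits++
                print "KEY-MISMATCH-HINT: " rec
            }
        }
        rec = ""
    }
    # Start of a new record: sequence number followed by a time stamp.
    $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
        emit_rec(); rec = $0; next
    }
    # Any other line continues the current record.
    rec != "" { sub(/^[ \t]+/, ""); rec = rec " " $0 }
    END {
        emit_rec()
        printf "ipsec_records=%d esp_key_hints=%d\n", total + 0, hits + 0
    }' "$@"
}

# Demo on the constructed sample; on a real system pass my_log_output instead.
sample_netfmt_output | ipsec_esp_key_hints
```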
Examining Additional Audit Entries

Set the HP-UX IPSec audit
level to WARNING or higher to see additional entries for manual key
problems. Use the following procedure to search for manual key audit
records.
1. Set the HP-UX IPSec audit level to warning by executing the following
command:
ipsec_admin -auditlvl warning
2. Re-create the manual key problem.
3. Display the contents of the audit file by executing the following
command:
ipsec_report -audit audit_file
4. Examine the output and search for records with the address of the
remote system. You may see entries similar to the following: