HP-UX IPSec version A.02.01 Administrator's Guide
Quick Configuration Procedure and Tips
Step 4: Committing the Batch File Configuration and Verifying Operation
HP-UX IPSec always contains a host IPsec policy named default,
which is searched last. Unless you change it, the default policy is
configured with PASS as the action.
To verify proper operation of IPsec policies with Pass or Discard
actions in the transform list, generate network traffic that matches
the IPsec policy IP address, port, and protocol parameters.
Enter the following command to determine the action taken by
HP-UX IPSec.
ipsec_report -cache
Search the command output for the entry with the matching source
and destination IP addresses, source and destination port numbers,
and protocol. Check the value of the Filter field. This is the action
taken by HP-UX IPSec. It should match the transform configured for the
IPsec policy (pass or discard).
For more information on the ipsec_report command, refer to the
ipsec_report (1M) manpage.
6. Verify host IPsec policies with AH or ESP transforms.
To verify proper operation of host IPsec policies with AH or ESP
transforms, generate network traffic that matches the IPsec policy
packet filter or that matches the IPsec policy IP address, port, and
protocol parameters.
After doing so, enter the following command to display the IKE and
IPsec SAs:
ipsec_report -sa
Alternatively, you can enter the following command:
ipsec_report -all
From the output of ipsec_report, you can verify the status of the
outbound IPsec SA for the packets using the IPsec policy you are
verifying.
Check the active host IPsec policies (ipsec_report -host output)
for entries that correspond to the IPsec policy you are verifying.
There will be multiple entries for each host IPsec policy. Find an
outbound entry with SA information, including inbound and
outbound SPIs: