Manualshelf

HP-UX IPSec version A.02.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
81828384858687888990
Quick Configuration Procedure and Tips
Step 4: Committing the Batch File Configuration and Verifying Operation
Chapter 382
----------------- Active IPsec Policy -----------
Rule Name: telnet_in ID: 3 Cookie: 4 Priority: 10
Src IP Addr: 15.1.1.1 Prefix: 32 Port number:23
Dst IP Addr: 15.2.2.2 Prefix: 32 Port number: *
Network Protocol: * Direction: outbound
Action: Dynamic key SA State: Ready
Number of SA(s) Needed: 1 Pair(s)
Number of SA(s) Created: 1 Pairs(s)
Kernel Requests Queued: 0
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
-- SA Pair Number 1 --
SA Type: ESP
Encryption Algorithm: AES128-CBC
Authentication Algorithm: HMAC-SHA1
Outbound SPI (hex): BE882
Inbound SPI (hex:) 13BDB7
You can also check the IPsec SA database output (ipsec_report
-sa ipsec output) for the SAs with the corresponding SPIs:
------------- IPsec SA ----------------
Sequence number: 1
SPI (hex): BE882 State: MATURE
SA Type: ESP with AES128-CBC encryption and HMAC-SHA1
authentication
Src IP Addr: 15.1.1.1 Dst IP Addr: 15.2.2.2
--- Current Lifetimes ---
bytes processed: 6256
addtime (seconds): 3
usetime (seconds): 30
--- Hard Lifetimes ---
bytes processed: 0
addtime (seconds): 28800
usetime (seconds): 28800
The information for the inbound IPsec SA corresponds to inbound
traffic from the remote system (the source address is 15.2.2.2).
----------- IPsec SA ------------------------
Sequence number: 2
SPI (hex): 13BDB7 State: MATURE
SA Type: ESP with AES128-CBC encryption and HMAC-SHA1
authentication
Src IP Addr: 15.2.2.2 Dst IP Addr: 15.1.1.1
--- Current Lifetimes ---
bytes processed: 6344