HP-UX IPSec version A.02.01 manpages
i
ipsec_report(1M) ipsec_report(1M)
(IPSec Software Required)
NAME
ipsec_report - report information about IPSec
SYNOPSIS
/usr/sbin/ipsec_report
[
-all
][
-bypass
][
-cache
]
[
-sa
[all
|ike
|ipsec
]]
[
-host
[act
[ive
]|conf[igured]]
[
-gw
|
gateway [
act[
ive
]|conf[igured]]
[
-tun
[nel
]] [
-ike
][
-ip
]
[
-audit
audit_file
[
-entity
ipsec_admin | ipsec_report |ipsec_policy | secauditd | ikmpd | secpolicyd]]
[-file
report_file ]
DESCRIPTION
The
ipsec_report utility reports information about the active HP-UX IPSec system, including data
from the Policy daemon, IKE (Internet Key Exchange) daemon, the IPSec kernel, and the contents of the
current active IPSec audit file.
The
ipsec_report utility requires the optional HP-UX IPSec software. You must have superuser
capability to run
ipsec_report.
Command-Line Arguments
ipsec_report accepts the following command-line arguments:
-all
Displays report information for all options. This is the default option when no options are
given to ipsec_report.
-sa
[all
|
ike|ipsec] Displays the current Security Associations (SAs). The
-sa ike arguments
display the current IKE SAs established and recorded by the IKE daemon. The -sa ipsec
arguments display the current IPsec SAs kept in the kernel Security Association Engine data-
base. The
-sa
or -sa all
arguments display the IKE and IPsec SAs (it is equivalent to
specifying
-sa ike and
-sa ipsec).
-ike
Displays the IKE policies kept by the Policy daemon.
-host
[active
|configured]
Displays the information about the active host IPsec policies kept by the Policy daemon (
-
host active
or -host
), or displays the information about the configured host IPsec Poli-
cies (
-host configured
). An active host IPsec policy is a policy that is associated with an
active IP interface (a configured IP interface, up or down).
-gateway [
active|configured]
Displays the information about the active gateway IPsec policies kept by the Policy daemon
(
-gateway active
or -gateway), or displays the information about the configured gate-
way IPsec Policies (
-gateway configured
). An active gateway IPsec policy is a policy that
either does not use a tunnel, or one that uses a tunnel and the tunnel source address is an
active IP interface (a configured IP interface, up or down).
-tun[nel
]
Displays the information about tunnel IPsec policies kept by the Policy daemon.
-ip
Display the active IP interfaces (the IP interfaces configured in the system). An active inter-
face is an interface that is configured in the system with a non-zero IP address, and can be up
or down. Note that if you unplumb or remove the address for an interface by assigning it an
all-zero IP address, ipsec_report may still show the interface in the active interface list
for 30 seconds, but after 30 seconds, HP-UX IPSec removes it from the active interface list.
-bypass
Display the configured bypass list kept by the Policy daemon.
-audit audit_file [-entity entity]
Displays the contents of audit_file, an IPsec audit file. Use the command ipsec_admin
-status to determine the current IPsec audit file.
HP-UX IPSec A.02.01 − 1 − Hewlett-Packard Company 51