HP-UX IPSec version A.02.01 manpages

ipsec_report(1M) ipsec_report(1M)
(IPSec Software Required)
-entity ikmpd|ipsec_admin|ipsec_policy|ipsec_report|secauditd|secpolicyd
Display the audit records only for the specified entity. This option must be used with the -audit option.
-file report_file
Redirects all report output to a report file. If the report file already exists, ipsec_report overwrites the file; otherwise ipsec_report creates the file.
RETURN VALUE
Upon successful completion, ipsec_report returns 0; otherwise it returns 1.
ERRORS
ipsec_report fails if any of the following conditions is encountered:
Command used incorrectly - ipsec_report returns a usage message.
IPSec is not active and the user attempts to use the -sa ike option - ipsec_report returns the message:
IPSEC_REPORT: ALERT-sendto() error to the IKE Daemon, errno: 2.
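
The -file overwrite behaviour, the 0/1 return value and the IKE daemon alert described above can be handled together in a small wrapper. This is an added example, not part of the HP manpage; the function name collect_report, its exit code 2 and the assumption that diagnostics may appear on either stdout or stderr are not from the original.

```sh
#!/bin/sh
# Added example, not HP code. collect_report and its exit codes are assumptions.
# Usage: collect_report <report_file> <ipsec_report option...>
# Returns 0 on success, 1 if ipsec_report failed, 2 if the wrapper refused to run.
collect_report() {
    out=$1
    [ $# -ge 2 ] || { echo "usage: collect_report report_file option..." >&2; return 2; }
    shift

    # ipsec_report -file overwrites an existing file, so never reuse a path.
    # -L also catches a dangling symlink, which -e alone reports as absent.
    if [ -e "$out" ] || [ -L "$out" ]; then
        echo "collect_report: $out already exists, refusing to overwrite" >&2
        return 2
    fi

    # umask 077 (inside the subshell only) creates the report owner-only:
    # it lists active policy rules and SA information.
    # Assumption: diagnostics may arrive on stdout or stderr, so capture both.
    rc=0
    msgs=$(umask 077; ipsec_report "$@" -file "$out" 2>&1) || rc=$?

    # The manpage documents two results: 0 on success, 1 otherwise.
    if [ "$rc" -ne 0 ]; then
        case $msgs in
            *"sendto() error to the IKE Daemon"*)
                echo "collect_report: IKE daemon unreachable; is IPSec active?" >&2 ;;
            *)
                echo "collect_report: ipsec_report failed (rc=$rc): $msgs" >&2 ;;
        esac
        return 1
    fi
    return 0
}
```

A call such as collect_report /var/tmp/host_active.txt -host active writes a new report only when that path is unused.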
EXAMPLES
The following excerpts of command outputs are from a system with a local address 192.1.1.1. The system has an IPsec policy configured to encrypt and authenticate all inbound telnet sessions (the local system is the telnet server) from addresses in the 192.1.1.* subnet. A telnet session has been established to this system from a system with address 192.1.1.3, and HP-UX IPSec has established SAs to secure the packets.
REPORT: ipsec_report -host active
The -host active option displays information about the active host IPsec policy rules. For each configured host IPsec policy, HP-UX IPSec creates at least one inbound and one outbound rule. These inbound/outbound rules are applied to inbound and outbound traffic respectively. The ipsec_report -host active command displays all the outbound rules, then the inbound rules.
If a configured host IPsec policy specifies a wildcard source address, HP-UX IPSec creates one inbound and one outbound rule for each applicable active interface, and replaces the wildcard source address with the interface address.
HP-UX IPSec also creates outbound entries for policies that have IPsec Security Associations (SAs) established or in the process of being established. For the telnet subnet policy above, the telnet session causes HP-UX IPSec to create a second, outbound rule with SAs for the packets for the telnet session from address 15.1.1.3. The output for this rule also includes the information about IPsec Security Associations (SAs) established.
The last entry is the default host IPsec policy.
IPsec policy fields are defined as follows:
Rule Name
A character string used as the name of the rule.
ID
An integer used internally by IPSec to index the entries.
Cookie
An integer used to cross-reference entries in the cache and policy (rule) tables kept by the Policy daemon. Only active rules with SAs have a cookie value.
Src IP Address
The source IP address.
Prefix
The number of bits that must match when comparing IP addresses, beginning with the leftmost bit. The prefix field is not included if the corresponding IP address is a wildcard address.
Port number
The source or destination port number for the upper-layer protocol. In this example, it is the TCP port number. TCP port number 23 is the well-known port number for the telnet service (23).
Dst IP Address
The destination IP address.
Hewlett-Packard Company, HP-UX IPSec A.02.01