HP-UX IPSec version A.02.01 manpages
ipsec_report(1M) ipsec_report(1M)
(IPSec Software Required)
Network Protocol
The upper-layer protocol in the IP header.
Direction
Indicates if this entry is for inbound (packets received by the local system) or outbound (packets
sent from the local system) packets.
Action
The action or transform applied to packets matching this entry. Possible values follow:
Dynamic key SA
Use dynamic keys to create IPsec SAs for an IPsec transform: an Authentication Header (AH)
and/or an Encapsulating Security Payload (ESP).
Manual key SA
Use manual keys to create IPsec SAs for an IPsec transform.
Pass
Pass in clear text.
Discard
Discard the packet.
If the action (Action) is Dynamic key SA or Manual key SA, the entry will have
information about the transform list for this policy.
FLAGS
(This field is not present if there are no flags configured.) The flags configured for this policy.
Possible flags are defined as follows:
AUTOCONF
indicates that this policy is used for clients that use stateless or stateful address
autoconfiguration.
EXCLUSIVE
indicates that session-based keying will be used. Only IP packets with the same 5-tuple
(the same source IP address, destination IP address, network protocol, source port and
destination port) will share the same IPsec SA pair.
MIPV6
indicates this policy is used for Mobile IPv6. HP-UX IPSec checks the Mobile IPv6
binding cache for routing information.
State
(This field is only present for outbound entries created for SAs.) The status of the active rule.
Possible values for State are Ready (SAs are ready for use), SPI(s) Not Established
(the initial state), and SPI(s) Being Established (SAs are being negotiated).
Tunnel Name
The name of the tunnel policy used with this host policy. This field is not present if no tunnel
is used with this host policy.
Kernel Requests Queued
(This field is not present for inbound entries or entries created for specific outbound SAs. It is
only present for general outbound entries for non-exclusive policies with non-subnet remote
addresses.) The number of pending requests from the kernel to form IPsec SAs using this
policy. Once the SA(s) are established, the queued kernel requests are processed and this value
will be 0.
Number of SA(s) Needed
(This field is only present for outbound entries.) The number of IPsec SA pairs required for an
IP packet that uses this policy entry. If this policy uses a non-nested transform, only one SA
pair is needed. If this policy uses a nested transform (an ESP nested within an AH), two SA
pairs are needed.
Number of SA(s) Created
(This field is only present for outbound entries created for SAs.) This indicates the number of
IPsec SA pairs actually created with the peer node. When negotiations are complete, this
number should match the Number of SA(s) Needed.
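The field descriptions above imply a few health checks on a policy report: a State other than Ready, fewer SA pairs created than needed, kernel requests still queued, and entries whose action is Pass. The following is an added example, not part of the HP-UX manpage or HP's software; the one-field-per-line "Name: value" layout with blank lines between entries, the function names, and the sample report are assumptions constructed for illustration.

```python
import re

# Constructed sample, not captured ipsec_report output. Field names come from the
# manpage; the "Name: value" layout and blank-line separators are assumptions.
SAMPLE = """\
Direction: outbound
Action: Dynamic key SA
State: Ready
Number of SA(s) Needed: 2
Number of SA(s) Created: 2

Direction: outbound
Action: Dynamic key SA
State: SPI(s) Being Established
Number of SA(s) Needed: 2
Number of SA(s) Created: 1

Direction: outbound
Action: Dynamic key SA
Kernel Requests Queued: 3
Number of SA(s) Needed: 1

Direction: inbound
Action: Pass
"""

def parse_entries(text):  # returns one {field: value} dict per report entry
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if fields:
            entries.append(fields)
    return entries

def audit(entries):  # returns (entry_number, finding) tuples needing attention
    findings = []
    for n, e in enumerate(entries, 1):
        if e.get("Action") == "Pass":
            findings.append((n, "Pass: matching packets travel in clear text"))
        if e.get("State", "Ready") != "Ready":  # field is absent on some entries
            findings.append((n, "State: " + e["State"]))
        needed = e.get("Number of SA(s) Needed")
        created = e.get("Number of SA(s) Created")
        if needed and created and int(created) != int(needed):
            findings.append((n, f"{created} of {needed} SA pairs created"))
        if int(e.get("Kernel Requests Queued", "0")) > 0:
            findings.append((n, "kernel requests queued, SAs not yet established"))
    return findings
```

Fields that the manpage marks as conditionally present are treated as optional, so an entry without State or SA counters produces no finding for them.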
HP-UX IPSec A.02.01 − 3 − Hewlett-Packard Company 53