HP-UX IPSec version A.02.01 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_report(1M) ipsec_report(1M)

(IPSec Software Required)

IPSec: On

---------------------------

System Configured Interface -------------

Interface Name: lan1 Address: 192.2.2.1

IPSec: Off

---------------------------

System Configured Interface ------------

Interface Name: lan0:1* Address: 192.1.3.3

IPSec: On

REPORT: ipsec_report -ike

The

-ike

option displays the IKE Policies that were conﬁgured by the IPSec administrator and loaded by

the IPsec Policy daemon.

Fields are deﬁned as follows:

Rule Name

A character string used as the name of the policy.

Priority

The priority for the IKE policy.

An integer used internally by HP-UX IPSec to identify this policy.

Remote IP Address

The peer’s IP address.

Prefix

The number of bits that must match when comparing IP addresses, beginning with the left-

most bit. The preﬁx ﬁeld is not included if the corresponding IP address is a wildcard address.

Group Type

The Oakley Group, which determines the numeric base for values used in the Difﬁe-Hellman

exchange of the IKE protocol. Possible values are deﬁned in the Oakley Key Determination

protocol speciﬁcation (RFC 2412) and include

1 (768-bit prime, Modular Exponentiation,

MODP) and

2 (1024-bit prime, MODP).

Authentication Method

The method used by the two IKE entities to verify each other’s identity, also known as primary

authentication. Possible values are

Pre-sharedKeys and

RSA signature.

Authentication Algorithm

The algorithm used to authenticate the IKE protocol messages after the initial exchange.

Encryption Algorithm

The algorithm used to encrypt the IKE protocol messages after the initial exchange.

Number of Quick Modes

The conﬁgured maximum number of Quick Mode negotiations per IKE SA (each Quick Mode

negotiation results in a pair of IPsec SAs).

Lifetime

The conﬁgured preferred maximum lifetime to use for the IKE SA, in seconds. The actual

maximum lifetime used is negotiated with the remote IKE entity.

Action

Indicates the action applied to packets matching this entry. This is always

Secure.

The

ipsec_report -ike

command displays the following report:

---------------------------- IKE Rule -----------------------------

Rule Name: 192.1.1.net Priority: 10 Cookie: 4

Remote IP Address: 192.1.1.0 Prefix: 24

Group Type: 2 Authentication Method: Pre-shared Keys

Authentication Algorithm: HMAC-MD5 Encryption Algorithm: 3DES-CBC

Number of Quick Modes: 100 Lifetime (seconds): 28800

Action: Secure

56 Hewlett-Packard Company − 6 − HP-UX IPSec A.02.01