HP-UX IPSec version A.02.01 manpages

ipsec_report(1M) ipsec_report(1M)
(IPSec Software Required)
Src IP Address
The source IP address that will be used in the IP header. This may be different than the
original source IP address if tunneling is being used.
Dst IP Address
The destination IP address that will be used in the IP header. This may be different than the
original destination IP address if tunneling is being used.
The ipsec_report -cache command displays the following report:
-------------------------Cache Policy Rule ---------------------------
Cache Policy Record: 9 Cookie: 3
Src IP Address: 192.1.1.1 Src Port number: 23
Dst IP Address: 192.1.1.3 Dst Port number: 56122
Network Protocol: TCP Direction: outbound
Action: Secure
-- SA Number 1 --
State: SA Created
SA Type: ESP
Tunnel SA: No
SPI (hex): 1FE472
Src IP Address: 192.1.1.1
Dst IP Address: 192.1.1.3
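
The following is an added example, not part of the HP manpage or of HP-UX IPSec: a small Python parser that turns the -cache report shown above into records so the policy action and SA fields can be checked by a monitoring script. The function names and the label list are assumptions drawn only from the sample on this page.

```python
import re

# Sample copied from the report on this page; LABELS lists only labels seen there.
SAMPLE = """\
-------------------------Cache Policy Rule ---------------------------
Cache Policy Record: 9 Cookie: 3
Src IP Address: 192.1.1.1 Src Port number: 23
Dst IP Address: 192.1.1.3 Dst Port number: 56122
Network Protocol: TCP Direction: outbound
Action: Secure
-- SA Number 1 --
State: SA Created
SA Type: ESP
Tunnel SA: No
SPI (hex): 1FE472
Src IP Address: 192.1.1.1
Dst IP Address: 192.1.1.3
"""

LABELS = ["Cache Policy Record", "Cookie", "Src IP Address", "Src Port number",
          "Dst IP Address", "Dst Port number", "Network Protocol", "Direction",
          "Action", "State", "SA Type", "Tunnel SA", "SPI (hex)"]
FIELD_RE = re.compile("(" + "|".join(map(re.escape, LABELS)) + r"):\s*")
SA_RE = re.compile(r"^--\s*SA Number\s+(\d+)\s*--$")

def parse_fields(line):
    """Split a line carrying one or two 'Label: value' pairs into a dict."""
    hits = list(FIELD_RE.finditer(line))
    out = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
        out[m.group(1)] = line[m.end():end].strip()
    return out

def parse_cache_report(text):
    """Return policy records, each with its SAs nested under 'sas'."""
    records, target = [], None
    for line in map(str.strip, text.splitlines()):
        sa = SA_RE.match(line)
        fields = parse_fields(line)
        if sa and records:                     # "-- SA Number n --" opens an SA block
            target = {"SA Number": int(sa.group(1))}
            records[-1]["sas"].append(target)
        elif "Cache Policy Record" in fields:  # first line of a new policy record
            target = {"sas": []}
            records.append(target)
        if target is not None:
            target.update(fields)
    return records
```

Because Src IP Address and Dst IP Address appear in both the policy record and each SA block, the parser keeps them in separate dictionaries; with tunneling the two sets of addresses can differ.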
REPORT: ipsec_report -sa ipsec
The -sa ipsec option displays information about the IPsec Security Associations, as maintained by the
kernel Security Association Engine in the SA database.
Fields are defined as follows:
Sequence Number
An integer used internally by the SA engine to index the entries.
SPI
The Security Parameters Index (SPI). For outbound SAs (the source IP address is a local
address), the SPI is selected by the remote system and is included in the outbound IPsec AH or
ESP protocol header. For inbound SAs, this is the SPI selected by the local system and is used
to find the correct SA when the local system receives a packet with an IPsec AH or ESP
header.
State
The state of the IPsec SA. Possible values are Mature (the SA is established and available for
use), Larval (the SA is being established), and Dead (the SA is expired and not usable).
Security Association Type
Indicates the type of transform, such as AH (Authentication Header) or ESP (Encapsulating
Security Payload), and the authentication or encryption algorithm used.
Src IP Addr
The source IP address for the SA.
Dst IP Addr
The destination IP address for the SA.
Current Lifetimes
The current lifetime for the SA, as measured by the amount of data sent and received (bytes
processed), number of seconds since the SA was added to the database (addtime) or the
number of seconds since the SA was first used to transmit or receive data (usetime).
Hard Lifetimes
The maximum lifetimes for the SA, as negotiated with the remote system. These are measured
by the amount of data sent or received (bytes processed), number of seconds since the SA was
added to the database (addtime) or the number of seconds since the SA was first used to
transmit or receive data (usetime). If any of the three values is exceeded, the SA is deleted
and a new SA must be established if there is more data to send. Note that a value of 0 for
bytes processed indicates that the number of bytes processed is ignored (there is no maximum
lifetime based on bytes sent or received).
Hewlett-Packard Company, HP-UX IPSec A.02.01