HP-UX IPSec version A.02.01 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_report(1M) ipsec_report(1M)

(IPSec Software Required)

This ﬁeld is not present for manual keys. There are no maximum lifetimes for manual key SAs

since they are static.

The

ipsec_report -sa ipsec

command displays the following report:

------------------------

IPsec SA ------------------------

Sequence number: 1

SPI (hex): 1FE472 State: MATURE

SA Type: ESP with AES128-CBC encryption and HMAC-SHA1 authentication

Src IP Addr: 192.1.1.1 Dst IP Addr: 192.1.1.3

--- Current Lifetimes ---

bytes processed: 3384

addtime (seconds): 14

usetime (seconds): 12

--- Hard Lifetimes ---

bytes processed: 0

addtime (seconds): 28800

usetime (seconds): 28800

------------------------

IPsec SA ------------------------

Sequence number: 2

SPI (hex): 241988 State: MATURE

SA Type: ESP with AES128-CBC encryption and HMAC-SHA1 authentication

Src IP Addr: 192.1.1.3 Dst IP Addr: 192.1.1.1

--- Current Lifetimes ---

bytes processed: 1648

addtime (seconds): 14

usetime (seconds): 12

--- Hard Lifetimes ---

bytes processed: 0

addtime (seconds): 28800

usetime (seconds): 28800

REPORT: ipsec_report -sa ike

The

-sa ike option displays the IKE SA entries, which contain information about IKE Security Associa-

tions (SAs) established by the IKE daemon (ikmpd).

Fields are deﬁned as follows:

Sequence Number

An integer used internally by the IKE daemon to index the entries.

Role

Indicates if the local system initiated the IKE SA (

Initiator

) or responded to a remote

request to establish the IKE SA (

Responder).

Local IP Address

The local IP address.

Remote IP Address

The remote (peer) IP address.

Oakley Group

The Oakley Group determines the numeric base for values used in the Difﬁe-Hellman

exchange of the IKE protocol. Possible values are deﬁned in the Oakley Key Determination

protocol speciﬁcation (RFC 2412) and include

(768-bit prime, Modular Exponentiation,

MODP) and

(1024-bit prime, MODP).

Authentication Method

The method used by the two IKE entities to verify each other’s identity, also known as primary

authentication. Possible values include Pre-sharedKeys and RSA signature.

Authentication Algorithm

The algorithm used to authenticate the IKE protocol messages after the initial exchange.

Encryption Algorithm

The algorithm used to encrypt the IKE protocol messages after the initial exchange.

HP-UX IPSec A.02.01 − 9 − Hewlett-Packard Company 59