HP-UX IPSec version A.02.01 manpages
ipsec_report(1M) ipsec_report(1M)
(IPSec Software Required)
Quick Modes Processed
This indicates the number of times the IKE SA was used to negotiate a pair of IPsec SAs (each
Quick Mode negotiation results in a pair of IPsec SAs).
Lifetime
The maximum lifetime for the IKE SA, in seconds, as negotiated with the remote IKE entity.
If this lifetime is exceeded, the IKE SA is deleted.
The ipsec_report -sa ike command displays the following report:
------------------------ IKE SA ------------------------------
Sequence number: 1
Role: Responder
Local IP Address: 192.1.1.1
Remote IP Address: 192.1.1.3
Oakley Group: 2 Authentication Method: Pre-shared Keys
Authentication Algorithm: HMAC-MD5 Encryption Algorithm: AES128-CBC
Quick Modes Processed: 1 Lifetime (seconds): 28800
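The following is an added example, not part of the HP manpage or the HP-UX IPSec software: a Python sketch that parses the report layout shown above, where two fields can share one line, and flags IKE SAs negotiated with weak parameters. The names parse_ike_sas and audit and the weak-parameter policy are assumptions made for illustration.

```python
import re

# Field labels exactly as printed in the `ipsec_report -sa ike` report above.
FIELDS = ["Sequence number", "Role", "Local IP Address", "Remote IP Address",
          "Oakley Group", "Authentication Method", "Authentication Algorithm",
          "Encryption Algorithm", "Quick Modes Processed", "Lifetime (seconds)"]
LABEL_RE = re.compile("(" + "|".join(map(re.escape, FIELDS)) + r"):\s*")
HEADER_RE = re.compile(r"^-+\s*IKE SA\s*-+$")

# Assumed local audit policy (not from the man page).
WEAK_GROUPS = {"1", "2"}        # 768-bit and 1024-bit MODP groups
WEAK_AUTH_ALGS = {"HMAC-MD5"}

# The report shown above, reproduced as sample input.
SAMPLE = """\
------------------------ IKE SA ------------------------------
Sequence number: 1
Role: Responder
Local IP Address: 192.1.1.1
Remote IP Address: 192.1.1.3
Oakley Group: 2 Authentication Method: Pre-shared Keys
Authentication Algorithm: HMAC-MD5 Encryption Algorithm: AES128-CBC
Quick Modes Processed: 1 Lifetime (seconds): 28800
"""


def parse_ike_sas(report):
    """Return one dict per IKE SA block; several fields may share a line."""
    sas = []
    for line in map(str.strip, report.splitlines()):
        if HEADER_RE.match(line):
            sas.append({})
        elif sas:  # skip anything before the first SA header
            hits = list(LABEL_RE.finditer(line))
            for m, nxt in zip(hits, hits[1:] + [None]):
                end = nxt.start() if nxt else len(line)
                sas[-1][m.group(1)] = line[m.end():end].strip()
    return sas


def audit(sa):
    """Return findings for one parsed IKE SA under the assumed policy."""
    findings = []
    if sa.get("Oakley Group") in WEAK_GROUPS:
        findings.append("weak Oakley group " + sa["Oakley Group"])
    if sa.get("Authentication Algorithm") in WEAK_AUTH_ALGS:
        findings.append("weak authentication algorithm " + sa["Authentication Algorithm"])
    return findings
```

Calling audit on each dictionary returned by parse_ike_sas(SAMPLE) reports both the Oakley group and the authentication algorithm for the SA in the sample report.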
REPORT: ipsec_report -gateway active and ipsec_report -gateway configured
The ipsec_report -gateway active output shows entries for gateway IPsec policies that either
do not use a tunnel, or use a tunnel whose source address is an active IP interface (a
configured IP interface, up or down).
The output for ipsec_report -gateway active and ipsec_report -gateway configured is the
same, except for the header. The header Active Gateway Policy Rule precedes active
gateway policy entries and the header Configured Gateway Policy Rule precedes configured
gateway policy entries.
Gateway policy fields are defined as follows:
Rule Name
A character string used as the name of the policy rule.
ID
An integer used internally by IPSec to index the entries.
Cookie
An integer used to cross-reference entries in the cache and policy (rule) tables kept by the
Policy daemon. Only active rules with SAs have a cookie value.
Src IP Address
The source end system IP address. (The source end-to-end address for outbound packets; the
destination end-to-end address for inbound packets.)
Prefix
The number of bits that must match when comparing IP addresses, beginning with the
leftmost bit.
Port number
(This field is only present if the network protocol is TCP, UDP, or ALL.) The source or
destination port number for the upper-layer protocol.
Dst IP Address
The destination end system IP address. (The destination end-to-end address for outbound
packets; the source end-to-end address for inbound packets.)
Network Protocol
The upper-layer protocol in the IP header.
Action
The action or transform applied to packets matching this entry. Possible values follow:
Forward
Forward the packet in clear text if no tunnel is specified, or forward through an IPsec
tunnel if a tunnel is specified.
Discard
Discard the packet.
FLAGS
(This field is not present if there are no flags configured.) The flags configured for this policy.
Hewlett-Packard Company    HP-UX IPSec A.02.01