HP-UX IPSec Version A.03.00 Administrator's Guide
Step 8: Committing the Batch File Configuration and Verifying Operation
Use the following procedure to verify the operation of your HP-UX IPSec configuration.
1. Commit the batch file operations to the configuration database with the following command:
ipsec_config batch batch_file_name
2. Verify the contents of the configuration database with the following command:
ipsec_config show all
The ipsec_config utility displays the contents of the configuration database. The contents
include the configuration parameters supplied by the profile file, and configuration records
automatically generated by ipsec_config, such as records for default policies and one
for startup options. The IPsec policies are sorted in priority order. You will see output similar
to the following:
startup
-autoboot OFF
-auditlvl ERROR
:
:
host telnet_from_nodeCW
-source 10.2.2.2/32/0-65535
-destination 10.1.1.1/32/23
-protocol 6
-priority 20
-action ESP_3DES_HMAC_SHA1/28800/0
-flags NONE
host default
-action PASS
3. Start HP-UX IPSec with the following command:
ipsec_admin -start
4. Check the status of HP-UX IPSec using the following command:
ipsec_admin -status
You will see output similar to the following:
----------------- IPSec Status Report -----------------
Time: Thu Dec 24 15:21:37 1998
secauditd program: Running and responding
secpolicyd program: Running and responding
ikmpd program: Running and responding
IPSec kernel: Up
IPSec Audit level: Error
IPSec Audit file: /var/adm/ipsec/auditThu-Dec-24-15-21-49-1998.log
Max Audit file size: 100 KBytes
Level 4 tracing: None
-------------- End of IPSec Status Report -------------
During normal operation, the status of the secauditd, secpolicyd and ikmpd programs
will be Running and responding and the status of the IPSec kernel will be Up.
5. Verify host IPsec policies with AH or ESP transforms.
To verify proper operation of host IPsec policies with AH or ESP transforms, generate
network traffic that matches the IPsec policy packet filter or that matches the IPsec policy
IP address, port, and protocol parameters.
After doing so, enter the following command to display the IKE and IPsec SAs:
ipsec_report -sa
Alternatively, you can enter the following command:
ipsec_report -all
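The check in step 4, as an added example that is not part of the HP guide: a shell function that reads the text of an ipsec_admin -status report and fails unless secauditd, secpolicyd and ikmpd are Running and responding and the IPSec kernel is Up. The function names are hypothetical, and the embedded report is the sample output from step 4.

```shell
#!/bin/sh
# Added example (not from the HP guide): health check over the text of an
# `ipsec_admin -status` report. check_ipsec_status and sample_report are
# hypothetical names used only here.

# Reads a status report on stdin. Returns 0 only when secauditd, secpolicyd
# and ikmpd are all "Running and responding" and the IPSec kernel is "Up".
# A missing line counts as a failure, so a truncated report cannot pass.
check_ipsec_status() {
    awk '
        /^(secauditd|secpolicyd|ikmpd) program:/ {
            seen[$1] = 1
            if ($0 !~ /: Running and responding[ \t]*$/) { print "FAIL: " $0; bad = 1 }
        }
        /^IPSec kernel:/ {
            kernel = 1
            if ($3 != "Up" || NF != 3) { print "FAIL: " $0; bad = 1 }
        }
        END {
            n = split("secauditd secpolicyd ikmpd", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "FAIL: no status line for " want[i]; bad = 1 }
            if (!kernel) { print "FAIL: no IPSec kernel line"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed input: the sample report shown in step 4.
sample_report() {
    cat <<'EOF'
----------------- IPSec Status Report -----------------
Time: Thu Dec 24 15:21:37 1998
secauditd program: Running and responding
secpolicyd program: Running and responding
ikmpd program: Running and responding
IPSec kernel: Up
IPSec Audit level: Error
IPSec Audit file: /var/adm/ipsec/auditThu-Dec-24-15-21-49-1998.log
Max Audit file size: 100 KBytes
Level 4 tracing: None
-------------- End of IPSec Status Report -------------
EOF
}

# On a live system: ipsec_admin -status | check_ipsec_status
sample_report | check_ipsec_status && echo "IPSec status: all components healthy"
```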