HP-UX IPSec Version A.03.00 Administrator's Guide
You should see two IPsec SAs (one for each direction) and one IKE SA. The output will be
similar to the following:
------------- IPsec SA ----------------
Sequence number: 1
SPI (hex): BE882 State: MATURE
SA Type: ESP with AES128-CBC encryption and HMAC-SHA1 authentication
Src IP Addr: 10.1.1.1 Dst IP Addr: 10.2.2.2
--- Current Lifetimes ---
bytes processed: 6256
addtime (seconds): 3
usetime (seconds): 30
--- Hard Lifetimes ---
bytes processed: 0
addtime (seconds): 28800
usetime (seconds): 0
--- Soft Lifetimes ---
bytes processed: 0
addtime (seconds): 24091
usetime (seconds): 0
------------- IPsec SA ----------------
Sequence number: 2
SPI (hex): 100782 State: MATURE
SA Type: ESP with AES128-CBC encryption and HMAC-SHA1 authentication
Src IP Addr: 10.2.2.2 Dst IP Addr: 10.1.1.1
--- Current Lifetimes ---
bytes processed: 6256
addtime (seconds): 3
usetime (seconds): 30
--- Hard Lifetimes ---
bytes processed: 0
addtime (seconds): 28800
usetime (seconds): 0
--- Soft Lifetimes ---
bytes processed: 0
addtime (seconds): 24091
usetime (seconds): 0
------------------------ IKEv1 SA ------------------------
Index: d0f1ae5476072ef9:80036a37b499c21d
Local IP Addr: 10.1.1.1
Remote IP Addr: 10.2.2.2
Role: Initiator State: ESTABLISHED
Auth Record: myAuth
ENCR: 3DES
AUTH: MD5
DH Group: 2
PFS: off
For more information on the ipsec_report command, refer to the ipsec_report(1M)
manpage.
6. Verify IPsec policies with Pass or Discard transforms.
To verify proper operation of IPsec policies with Pass or Discard actions in the transform
list, generate network traffic that matches the IPsec policy IP address, port, and protocol
parameters.
Enter the following command to determine the action taken by HP-UX IPSec.
ipsec_report -cache
Search the command output for the entry with the matching source and destination IP
addresses, source and destination port numbers, and protocol. Check the value of the Filter
108 Configuring HP-UX IPSec