HP-UX IPSec Version A.03.00 Administrator's Guide

Troubleshooting Utilities Overview
HP-UX IPSec provides three troubleshooting utilities:

ipsec_admin
    Returns status information and allows the administrator to change the audit level, audit file directory, audit file size, and enable or disable level 4 (TCP, UDP, IGMP) data tracing.

ipsec_report
    Reports HP-UX IPSec operating parameters and displays the contents of audit files. The output can be displayed to stdout or sent to a file.

ipsec_policy
    Allows the administrator to determine which IPsec policy will be used for a given packet.

Refer to the online manpages for the above utilities for more information on how to use them and how to interpret their output. The sections that follow describe common tasks and the commands to perform them:
“Getting General Information”
“Getting SA Information”
“Getting Policy Information”
“Getting Interface Information”
“Getting Certificate Information”
“Viewing and Configuring Audit Information”
“Enabling and Disabling Tracing”

Getting General Information
Table 7-1 Getting General Information
Command                        Task
ipsec_admin -status            Get status of HP-UX IPSec components.
ipsec_report -all              Show all active and configured IPsec policies, IKE
                               policies, cache entries, SAs, active IP interfaces,
                               bypass interfaces, and display current audit file.

Getting SA Information
Table 7-2 Getting SA Information
Command                        Task
ipsec_report -sa ike           Show current IKE SAs.
ipsec_report -sa ipsec         Show current IPsec SAs.

Getting Policy Information
Table 7-3 Getting Policy Information
Command                        Task
ipsec_policy                   Determine which IPsec policy matches a packet.
ipsec_config show host         Show host IPsec policies in the configuration
                               database.
ipsec_report -host             Show active host IPsec policies.
ipsec_report -host [active]
ipsec_report -host configured  Show configured host IPsec policies in the
                               configuration database.