HP-UX IPSec Version A.03.00 Administrator's Guide
------------- IPsec SA ----------------
Sequence number: 2
SPI (hex): 100782 State: MATURE
SA Type: ESP with AES128-CBC encryption and HMAC-SHA1 authentication
Src IP Addr: 10.2.2.2 Dst IP Addr: 10.1.1.1
--- Current Lifetimes ---
bytes processed: 6256
addtime (seconds): 3
usetime (seconds): 30
--- Hard Lifetimes ---
bytes processed: 0
addtime (seconds): 28800
usetime (seconds): 0
--- Soft Lifetimes ---
bytes processed: 0
addtime (seconds): 24091
usetime (seconds): 0
------------------------ IKEv1 SA ------------------------
Index: 431cae5476072ef9:80036a37b499c894
Local IP Addr: 10.1.1.1
Remote IP Addr: 10.2.2.2
Role: Responder State: ESTABLISHED
Auth Record: bluth
ENCR: 3DES
AUTH: MD5
DH Group: 2
PFS: off
For more information on the ipsec_report command, refer to the ipsec_report(1M)
manpage.
6. Verify IPsec policies with Pass or Discard transforms.
HP-UX IPSec always contains a host IPsec policy named default, which is searched last.
Unless you change it, the default policy is configured with PASS as the action.
To verify proper operation of IPsec policies with Pass or Discard actions in the transform
list, generate network traffic that matches the IPsec policy IP address, port, and protocol
parameters.
Enter the following command to determine the action taken by HP-UX IPSec.
ipsec_report -cache
Search the command output for the entry with the matching source and destination IP
addresses, source and destination port numbers, and protocol. Check the value of the Filter
field. This is the action taken by HP-UX IPSec. It should match the transform configured for
the IPsec policy (pass or discard).
For more information on the ipsec_report command, refer to the ipsec_report(1M)
manpage.
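The SA report printed earlier on this page can be checked mechanically instead of by eye. The following is an added example, not HP code and not part of the original guide: it parses SA report text in the layout shown above and confirms a MATURE IPsec SA in each direction plus an ESTABLISHED IKE SA for a peer pair. The function names, the outbound SA and its placeholder SPI are constructed, and the check assumes the full report lists one IPsec SA per direction.

```shell
# Added example, not HP code. Emits one line per SA: kind, addresses, SPI, state.
summarize_sas() {
  awk '
    /^-+ IPsec SA /  { kind = "ipsec"; next }
    /^-+ IKEv1 SA /  { kind = "ike"; next }
    kind == "ipsec" && /^SPI \(hex\):/  { spi = $3; state = $5 }
    kind == "ipsec" && /^Src IP Addr:/  { print "ipsec", $4, $8, spi, state }
    kind == "ike" && /^Local IP Addr:/  { l = $4 }
    kind == "ike" && /^Remote IP Addr:/ { r = $4 }
    kind == "ike" && /^Role:/           { print "ike", l, r, "-", $NF }
  '
}

# check_tunnel LOCAL REMOTE < report: exit 0 only if all three SAs are present.
check_tunnel() {
  summarize_sas | awk -v l="$1" -v r="$2" '
    $1 == "ipsec" && $5 == "MATURE" && $2 == r && $3 == l { in_ok = 1 }
    $1 == "ipsec" && $5 == "MATURE" && $2 == l && $3 == r { out_ok = 1 }
    $1 == "ike" && $5 == "ESTABLISHED" && $2 == l && $3 == r { ike_ok = 1 }
    END {
      if (!in_ok)  print "missing MATURE inbound IPsec SA"
      if (!out_ok) print "missing MATURE outbound IPsec SA"
      if (!ike_ok) print "missing ESTABLISHED IKE SA"
      exit !(in_ok && out_ok && ike_ok)
    }'
}

# Inbound SA and IKE SA as printed on this page (other lines omitted).
page_excerpt() {
  cat <<'EOF'
------------- IPsec SA ----------------
SPI (hex): 100782 State: MATURE
Src IP Addr: 10.2.2.2 Dst IP Addr: 10.1.1.1
------------------------ IKEv1 SA ------------------------
Local IP Addr: 10.1.1.1
Remote IP Addr: 10.2.2.2
Role: Responder State: ESTABLISHED
EOF
}

# Constructed outbound SA; the SPI is a placeholder, not a value from the page.
constructed_outbound() {
  cat <<'EOF'
------------- IPsec SA ----------------
SPI (hex): AAAAAA State: MATURE
Src IP Addr: 10.1.1.1 Dst IP Addr: 10.2.2.2
EOF
}
{ constructed_outbound; page_excerpt; } | check_tunnel 10.1.1.1 10.2.2.2 && echo "tunnel OK"
```

Feed check_tunnel the saved SA report text on standard input; the ipsec_report(1M) manpage lists the options that produce it.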
Step 4: Committing the Batch File Configuration and Verifying Operation