Manualshelf

HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
51525354555657585960
addtime (seconds): 24091
usetime (seconds): 0
------------- IPsec SA ----------------
Sequence number: 2
SPI (hex): 100782 State: MATURE
SA Type: ESP with AES128-CBC encryption and HMAC-SHA1 authentication
Src IP Addr: 10.2.2.2 Dst IP Addr: 10.1.1.1
--- Current Lifetimes ---
bytes processed: 6256
addtime (seconds): 3
usetime (seconds): 30
--- Hard Lifetimes ---
bytes processed: 0
addtime (seconds): 28800
usetime (seconds): 0
--- Soft Lifetimes ---
bytes processed: 0
addtime (seconds): 24091
usetime (seconds): 0
------------------------ IKEv1 SA ------------------------
Index: 431cae5476072ef9:80036a37b499c894
Local IP Addr: 10.1.1.1
Remote IP Addr: 10.2.2.2
Role: Responder State: ESTABLISHED
Auth Record: bluth
ENCR: 3DES
AUTH: MD5
DH Group: 2
PFS: off
For more information on the ipsec_report command, see the ipsec_report(1M) manpage.
6. Verify IPsec policies with Pass or Discard transforms.
HP-UX IPSec always contains a host IPsec policy named default which is searched last. The
default policy is configured with PASS as the action by default.
To verify proper operation of IPsec policies with Pass or Discard actions in the transform
list, generate network traffic that matches the IPsec policy IP address, port, and protocol
parameters.
Enter the following command to determine the action taken by HP-UX IPSec.
ipsec_report -cache
Search the command output for the entry with the matching source and destination IP addresses,
source and destination port numbers, and protocol. Check the value of the Filter field. This
is the action taken by HP-UX IPSec. Match the transform configured for the IPsec policy pass
or discard ).
For more information on the ipsec_report command, see the ipsec_report(1M) manpage.
Step 5: Configuring HP-UX IPSec to start automatically
After you have verified your HP-UX IPSec configuration is properly operating, you can configure
HP-UX IPSec so that it starts automatically at system startup time.
TIP: HP recommends that you configure HP-UX IPSec to start automatically at system startup time
once you have a known, good HP-UX IPSec configuration. This enables HP-UX IPSec to secure your
system at all times.
54 Quick configuration procedure and tips