HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

Exporting the Configuration Database to a Batch File................................................................117

ipsec_config export Syntax................................................................................................117

Parameters.................................................................................................................117

Re-Creating the Configuration Database..................................................................................117

Deleting SA Entries...............................................................................................................117

ipsec_admin -deletesa Syntax............................................................................................118

Parameters.................................................................................................................118

7 Troubleshooting HP-UX IPSec....................................................................119

Troubleshooting Utilities Overview...........................................................................................119

Getting General Information..............................................................................................120

Getting SA Information.....................................................................................................120

Getting Policy Information.................................................................................................120

Getting Interface Information.............................................................................................121

Getting Certificate Information...........................................................................................121

Viewing and Configuring Audit Information.........................................................................121

Enabling and Disabling Tracing.........................................................................................121

Troubleshooting Procedures....................................................................................................122

Checking Status...............................................................................................................122

Isolating HP-UX IPSec Problems from Upper-layer Problems....................................................123

Checking Policy Configuration...........................................................................................124

Using ipsec_policy .....................................................................................................124

Examining the Policy Cache and Policy Entries................................................................124

Configuring HP-UX IPSec Auditing......................................................................................124

Audit Level.................................................................................................................125

Audit Files and Directory..............................................................................................125

Audit File Size........................................................................................................125

Dynamically Setting Audit Parameters............................................................................125

Configuring Startup Audit Parameters.............................................................................126

Viewing Audit Files...........................................................................................................126

Filtering Audit File Output by Entity................................................................................126

Troubleshooting Tips.............................................................................................................126

Reporting Problems...............................................................................................................127

Troubleshooting Scenarios.....................................................................................................128

HP-UX IPSec Incorrectly Passes Packets................................................................................129

Problem.....................................................................................................................129

Symptoms..................................................................................................................129

Solution.....................................................................................................................129

HP-UX IPSec Incorrectly Attempts to Encrypt/Authenticate Packets...........................................129

Problem.....................................................................................................................129

Symptoms..................................................................................................................129

Solution.....................................................................................................................129

HP-UX IPSec Attempts to Encrypt/Authenticate and Fails........................................................130

Problem.....................................................................................................................130

Symptoms..................................................................................................................130

Solution.....................................................................................................................130

Determining the IKE Version Number........................................................................130

Determining if the IKEv1 SA Negotiation Succeeded...................................................130

Determining if the IKEv2 SA Negotiation Succeeded...................................................131

IKEv1 SA Negotiation Fails or Times Out (phase1 negotiation failed)......................................131

Problem.....................................................................................................................131

Symptoms..................................................................................................................131

Solution.....................................................................................................................131

IKEv2 SA Negotiation Fails or Times Out (retransmission count exceeded the limit)...................132

Problem.....................................................................................................................132

Contents 9