HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

------------------------ IKEv1 SA ------------------------
Index: d0f1ae5476072ef9:80036a37b499c21d
Local IP Addr: 10.1.1.1
Remote IP Addr: 10.2.2.2
Role: Initiator State: ESTABLISHED
Auth Record: myAuth
ENCR: 3DES
AUTH: MD5
DH Group: 2
PFS: off
For more information on the ipsec_report command, see the ipsec_report(1M) manpage.
6. Verify IPsec policies with Pass or Discard transforms.
To verify proper operation of IPsec policies with Pass or Discard actions in the transform
list, generate network traffic that matches the IPsec policy IP address, port, and protocol
parameters.
Enter the following command to determine the action taken by HP-UX IPSec.
ipsec_report -cache
Search the command output for the entry with the matching source and destination IP addresses,
source and destination port numbers, and protocol. Check the value of the Filter field. This
is the action taken by HP-UX IPSec. Confirm that it matches the transform configured for the
IPsec policy (pass or discard).
For more information on the ipsec_report command, see the ipsec_report(1M) manpage.
7. Verify any entries in the bypass list.
Enter the following command:
ipsec_report -bypass
In addition, you can enter the following command and verify that none of the active host IPsec
policies include addresses in the bypass list:
ipsec_report -host
In addition, you can enter the following commands and verify that none of the active host and
gateway IPsec policies include addresses in the bypass list:
ipsec_report -host
ipsec_report -gateway
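The IKEv1 SA record shown earlier in this section can also be checked mechanically. The following script is an added example, not part of the HP guide: it parses records in that layout and reports any SA that is not ESTABLISHED or that negotiated DES/3DES, MD5, DH group 1 or 2, or PFS off. The function names and the set of flagged values are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the HP guide. Assumes each SA record starts with
# an "Index:" line and uses the field labels of the record in this section.

# audit_ike_sa: read report text on stdin; print "<remote-ip> <finding>" lines.
# The flagged values are this example's policy choice, not an HP default.
audit_ike_sa() {
    awk '
    function report(msg) { print remote, msg }
    function finish() {
        if (!seen) return
        if (state != "ESTABLISHED") report("state=" (state == "" ? "unknown" : state))
        if (encr == "DES" || encr == "3DES") report("legacy-encr=" encr)
        if (auth == "MD5") report("legacy-auth=" auth)
        if (dh == 1 || dh == 2) report("weak-dh-group=" dh)
        if (pfs == "off") report("pfs=off")
    }
    { sub(/^[ \t]+/, "") }                      # tolerate indented output
    /^Index:/ { finish(); seen = 1
                remote = state = encr = auth = dh = pfs = "" }
    /^Remote IP Addr:/ { remote = $NF }
    /State:/ { for (i = 1; i < NF; i++) if ($i == "State:") state = $(i + 1) }
    /^ENCR:/ { encr = $2 }
    /^AUTH:/ { auth = $2 }
    /^DH Group:/ { dh = $3 }
    /^PFS:/ { pfs = $2 }
    END { finish() }
    '
}

# Constructed input: the sample record from this section, embedded so the
# script runs offline.
sample_report() {
    cat <<'EOF'
------------------------ IKEv1 SA ------------------------
Index: d0f1ae5476072ef9:80036a37b499c21d
Local IP Addr: 10.1.1.1
Remote IP Addr: 10.2.2.2
Role: Initiator State: ESTABLISHED
Auth Record: myAuth
ENCR: 3DES
AUTH: MD5
DH Group: 2
PFS: off
EOF
}

sample_report | audit_ike_sa
```

To audit a live system, pipe the saved ipsec_report output that contains these records into audit_ike_sa in place of sample_report.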
Step 9: Configuring HP-UX IPSec to Start Automatically
After you have verified that your HP-UX IPSec configuration is operating properly, you can configure
HP-UX IPSec so that it starts automatically at system startup time.
TIP: HP recommends that you configure HP-UX IPSec to start automatically at system startup time
once you have a known, good HP-UX IPSec configuration. This allows HP-UX IPSec to secure your
system at all times.
ipsec_config add startup Syntax
Use the following ipsec_config add startup syntax to configure HP-UX IPSec to start
automatically at system startup time:
ipsec_config add startup -autoboot ON
The complete ipsec_config add startup syntax specification also allows you to specify the
following arguments:
nocommit (verify the syntax but do not commit the information to the database)
profile (alternate profile file)