Tools Survey

IPSec/9000 provides three troubleshooting utilities:

ipsec_admin: returns status information and allows the administrator to change the audit level, audit file directory, audit file size, and enable or disable level 4 (TCP, UDP, IGMP) data tracing.
ipsec_policy: allows the administrator to determine which IPSec policy will be used for a given packet.
ipsec_report: reports IPSec/9000 operating parameters and displays the contents of audit files.

Table 2-1 Title not available (Tools Survey)

Task	Utility
Get status of IPSec/9000 components	ipsec_admin -status
Test which IPSec policy matches packet	ipsec_policy
Change audit level	ipsec_admin -auditlvl [alert\|error\|warning\|informative]
Change audit file directory	ipsec_admin -audit audit_directory
Get name of current audit file	ipsec_admin -status
Display contents of audit file	ipsec_report -audit audit_file
Enable level four data tracing	ipsec_admin -traceon [tcp\|udp\|igmp\|all]
Disable level four data tracing	ipsec_admin -traceoff [tcp\|udp\|igmp\|all]
Report IPSec policies loaded by policy daemon	ipsec_report -policy
Report ISAKMP policies loaded by policy daemon	ipsec_report -isakmp
Report current policy decisions cached by kernel Policy Engine	ipsec_report -cache
Report current ISAKMP (Main Mode) Security Associations	ipsec_report -mad
Report current IPSec Security Associations	ipsec_report -sad
Report all current IPSec policies, cache entries and Security Associations and display current audit file	ipsec_report -all

To verify the integrity of the authentication databases and file system security attributes, execute the following commands: integrity(1M) authck(1M), swverify(1M).

Tools Survey

Technical documentation

» Table of Contents

» Glossary

» Index