Installing and Administering IPSec/9000 > Chapter 2 Troubleshooting IPSec/9000

Reporting Problems


Be sure to include the following information when reporting problems:

  • A complete description of the problem and any error messages. Include information about the local system (IP addresses), IP addresses of relevant remote systems, and routing table information (netstat -rn output), if appropriate. Also include a description of what works as well as what does not work.

  • Output from ipsec_admin -status.

  • Output from ipsec_report -all.

  • Output from ipsec_policy. Specify as many parameters as you can (source IP address, source port, destination IP address, destination port, protocol).

  • If the problem may be caused by the transport or application layer, enable layer four tracing (ipsec_admin -traceon), re-create the problem, and then disable tracing (ipsec_admin -traceoff). Trace output will be sent to /var/admin/ipsec/nettl.TRC0 and /var/admin/ipsec/nettl.TRC, if nettl tracing is not already enabled and directed to another file set.

    NOTE: IP and ICMP tracing are still available when IPSec is running. Packets secured with AH are still in clear text, so their contents remain visible in a nettl trace. netfmt can parse only the IP header; everything after it is shown as a hex dump.

  • Relevant configuration files.

    IPSec/9000 security policy file:

    /var/adm/ipsec/policies.txt (default)

    For a formatted listing of the IPSec and ISAKMP policies, select "Print Policies" from the ipsec_mgr File menu.

    Security certificate files, if you are using them:

    /var/adm/ipsec/cainfo.txt

    /var/adm/ipsec/certs.txt

    IP configuration file:

    /etc/rc.config.d/netconf

  • If you are using pre-shared keys, include a screen capture of the Preshared Keys screen, or other documentation of the pre-shared keys.

  • If the problem is reproducible, rerun it with the audit level set to informative.

  • Run the following ndd commands:

    ndd -get /dev/ip ip_ipsec_polist

    ndd -get /dev/ip ip_ipsec_salist

    ndd -get /dev/ip ip_ipsec_status
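
The scriptable items from the checklist above can be gathered into one owner-only directory. This is an added example, not part of the HP manual; the function names and the MANIFEST file are hypothetical, and the commands and paths are the ones listed above. The trace step (which needs the problem re-created between traceon and traceoff), the ipsec_mgr policy listing, and the pre-shared key documentation remain manual.

```shell
# Added example, not from the HP manual. Function names and the MANIFEST
# file are hypothetical; commands and paths are the ones listed above.

# run_cmd OUTDIR NAME CMD [ARGS...]: save stdout+stderr, log the exit status.
run_cmd() {
    dir=$1; name=$2; shift 2
    if command -v "$1" >/dev/null 2>&1; then
        rc=0
        "$@" >"$dir/$name.out" 2>&1 || rc=$?
        echo "$name: exit $rc ($*)" >>"$dir/MANIFEST"
    else
        echo "$name: MISSING command $1" >>"$dir/MANIFEST"
    fi
}

# copy_file OUTDIR PATH: copy one configuration file, or log that it is absent.
copy_file() {
    if [ -r "$2" ] && cp -p "$2" "$1/"; then
        echo "file: copied $2" >>"$1/MANIFEST"
    else
        echo "file: MISSING or unreadable $2" >>"$1/MANIFEST"
    fi
}

# collect_ipsec_report OUTDIR [ipsec_policy arguments, passed through as typed]
# Runs in a subshell so the umask change does not leak into the caller.
collect_ipsec_report() (
    out=$1; shift
    umask 077          # the bundle holds policy and certificate data
    mkdir -p "$out" && chmod 700 "$out" || exit 1
    : >"$out/MANIFEST"
    run_cmd "$out" netstat_rn   netstat -rn
    run_cmd "$out" ipsec_status ipsec_admin -status
    run_cmd "$out" ipsec_report ipsec_report -all
    run_cmd "$out" ipsec_policy ipsec_policy "$@"
    for v in ip_ipsec_polist ip_ipsec_salist ip_ipsec_status; do
        run_cmd "$out" "ndd_$v" ndd -get /dev/ip "$v"
    done
    for f in /var/adm/ipsec/policies.txt /var/adm/ipsec/cainfo.txt \
             /var/adm/ipsec/certs.txt /etc/rc.config.d/netconf; do
        copy_file "$out" "$f"
    done
)

# Usage: collect_ipsec_report /var/tmp/ipsec_report.$$ <ipsec_policy arguments>
```

The bundle contains the security policy and certificate files, so it is created with owner-only permissions; keep it that way when transferring it.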

© 2001 Hewlett-Packard Development Company, L.P.