Troubleshooting Utilities Overview

HP-UX IPSec provides three troubleshooting utilities:

ipsec_admin: returns status information and allows the administrator to change the audit level, audit file directory, audit file size, and enable or disable level 4 (TCP, UDP, IGMP) data tracing.
ipsec_policy: allows the administrator to determine which IPSec policy will be used for a given packet.
ipsec_report: reports HP-UX IPSec operating parameters and displays the contents of audit files.

Refer to Appendix E “Troubleshooting Tools Reference” for more information on how to use these utilities and how to interpret the output from these utilities.

Table 5-1 HP-UX IPSec Tasks and Utilities

Task	Utility
Get status of HP-UX IPSec components	`ipsec_admin -status`
Test which IPSec policy matches packet	`ipsec_policy`
Change audit level	`ipsec_admin -auditlvl [alert\|error\|warning\| informative]`
Change audit file directory	`ipsec_admin -audit audit_directory`
Get name of current audit file	`ipsec_admin -status`
Display contents of audit file	`ipsec_report -audit audit_file`
Enable level four data tracing	`ipsec_admin -traceon [tcp\|udp\|igmp\|all]`
Disable level four data tracing	`ipsec_admin -traceoff [tcp\|udp\|igmp\|all]`
Report IPSec policies loaded by policy daemon	`ipsec_report -policy`
Report ISAKMP policies loaded by policy daemon	`ipsec_report -isakmp`
Report current policy decisions cached by kernel policy engine	`ipsec_report -cache`
Report current ISAKMP (Main Mode) SAs	`ipsec_report -mad`
Report current IPSec SAs	`ipsec_report -sad`
Report all current IPSec policies, cache entries and SAs and display current audit file	`ipsec_report -all`

To verify the integrity of the authentication databases and file system security attributes, execute the following HP-UX commands: integrity (1M), authck(1M), and swverify(1M).

Troubleshooting Utilities Overview

Technical documentation

» Table of Contents

» Glossary

» Index