HP-UX IPSec version A.01.06 Administrator's Guide: HP-UX 11i Version 2 > Chapter 5 Troubleshooting HP-UX IPSec

Reporting Problems


Be sure to include the following information when reporting problems:

  • A complete description of the problem and any error messages. Include information about:

    • the local system (IP addresses)

    • IP addresses of relevant remote systems

    • routing table information (netstat -rn output) if appropriate

    Also include a description of what works as well as what does not work.

  • Output from ipsec_admin -status.

  • Output from ipsec_report -all.

  • Output from ipsec_policy. Specify as many parameters as you can (source IP address, source port, destination IP address, destination port, protocol).

  • If the problem may be caused by the transport or application layer, enable layer four tracing (ipsec_admin -traceon), recreate the problem, and then disable tracing (ipsec_admin -traceoff). Trace output will be sent to /var/admin/ipsec/nettl.TRC0 and /var/admin/ipsec/nettl.TRC, if nettl tracing is not already enabled and directed to another file set.

    NOTE: IP and ICMP tracing are still available when IPSec is running. Packets secured with AH are still in clear text and the packet contents are still visible through a nettl trace. The output format using netfmt can only be parsed for the IP header. The netfmt utility displays any data following the IP header as hexadecimal values.

  • Relevant configuration files. HP-UX IPSec security policy file:

    /var/adm/ipsec/policies.txt (default)

    For a formatted listing of the IPSec and ISAKMP policies, choose Print Policies from the ipsec_mgr File menu to print the policy files.

    Security certificate files, if you are using them:

    /var/adm/ipsec/cainfo.txt

    /var/adm/ipsec/certs.txt

    IP configuration file:

    /etc/rc.config.d/netconf

  • If you are using preshared keys, include a screen capture of the Preshared Keys screen, or other documentation of your preshared keys.

  • If the problem is reproducible, recreate it with the audit level set to informative.

  • Run the following ndd commands:

    ndd -get /dev/ip ip_ipsec_polist

    ndd -get /dev/ip ip_ipsec_salist

    ndd -get /dev/ip ip_ipsec_status
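
The following script is an added example, not part of the HP guide: it gathers the non-interactive items from the checklist above (netstat -rn, ipsec_admin -status, ipsec_report -all, the three ndd queries, and the listed configuration files) into one directory. The function names, output directory and output file names are assumptions made for illustration. ipsec_policy output, nettl traces and preshared key documentation are left out because they need problem-specific parameters or manual steps.

```shell
#!/bin/sh
# Added example: collect the items from the problem-report checklist in one place.
# Assumes it is run as root on the affected system; all names below are illustrative.

# run_cmd LABEL CMD [ARGS...]: save a command's output and exit status to LABEL.out
run_cmd() {
    label=$1; shift
    {
        echo "# command: $*"
        rc=0
        "$@" 2>&1 || rc=$?
        echo "# exit status: $rc"
    } > "$OUT/$label.out"
}

# copy_file PATH: copy a configuration file, or record in MANIFEST that it is absent
copy_file() {
    if [ -r "$1" ]; then
        cp "$1" "$OUT/files/" && echo "copied  $1" >> "$OUT/MANIFEST"
    else
        echo "missing $1" >> "$OUT/MANIFEST"
    fi
}

# Runs in a subshell so the umask and variables do not leak into the caller.
collect_ipsec_report() (
    OUT=${1:-./ipsec_problem_report}
    umask 077    # policy and certificate files are sensitive: owner-only access
    mkdir -p "$OUT/files" || exit 1
    : > "$OUT/MANIFEST"

    run_cmd netstat_rn   netstat -rn
    run_cmd ipsec_admin  ipsec_admin -status
    run_cmd ipsec_report ipsec_report -all
    for p in ip_ipsec_polist ip_ipsec_salist ip_ipsec_status; do
        run_cmd "ndd_$p" ndd -get /dev/ip "$p"
    done

    for f in /var/adm/ipsec/policies.txt /var/adm/ipsec/cainfo.txt \
             /var/adm/ipsec/certs.txt /etc/rc.config.d/netconf; do
        copy_file "$f"
    done
    echo "$OUT"    # print the bundle location for the caller
)
```

Call collect_ipsec_report with the directory to create. Check MANIFEST for files recorded as missing before sending the bundle, and transfer it over a protected channel since it contains policy and certificate data.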

© 2003 Hewlett-Packard Development Company, L.P.