Manualshelf

HP Comware 5 Debug Manual Vol 2

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis
151152153154155156157158159160
Table 115 Output from the debugging ipsec sa command (for devices with single-core CPUs)
Field
Description
Enc Alg Encryption algorithm.
Table 5 describes output fields and messages for the debugging ipsec sa command on devices with
multi-core CPUs.
Table 116 Output from the debugging ipsec sa command (for devices with multi-core CPUs)
Field
Description
Failed to check IPsec SA's parameters in DP. Failed to check IPsec SA parameters in the data plane.
Table 6 describes output fields and messages for the debugging ipsec synchronization command on
devices with multi-core CPUs.
Table 117 Output from the debugging ipsec synchronization command (for firewalls with multi-core
CPUs)
Field
Description
Got IPsec TDB redundancy info:
SPI
s
pi-number, Anti-Replay value,
Current byte life life-time.
Received IPsec TDB redundancy information:
SPI value
Anti-replay information
Traffic-based lifetime
Examples
On a device with a single-core CPU
# Enable all IPsec debugging. When you configure an IKE-based IPsec policy and specify for it an
IPsec proposal using the default settings, output similar to the following example is generated:
<Sysname> debugging ipsec all
*0.1139875 Sysname IPSEC/7/DBG:
A session is created.
Source address : 3.0.0.2
Destination address : 3.0.0.1
Source port : 0
Destination port : 0
protocol : 1
IPsec action : permit
*0.1139890 Sysname IPSEC/7/DBG:
// The IPsec module created an IPsec session. The source address and destination address of the
session are 3.0.0.2 and 3.0.0.1, respectively. The source port number and destination port
number are both 0. The protocol number is 1. Packets permitted by the ACL are IPsec protected.
*0.1139890 Sysname IPSEC/7/DBG:Tunnel mode. Adding outer IP header succeed!
// The encapsulation mode is tunnel mode. The outer IP header was added successfully.
*0.1139890 Sysname IPSEC/7/DBG:New ESP(RFC2406) Enc Alg:DES Auth Alg:HMAC-MD5-96
*0.1139890 Sysname IPSEC/7/DBG:Encryption finished! New ESP(RFC2406) SN:5
// The encryption algorithm is DES, and the authentication algorithm is MD5.
*0.1139906 Sysname IPSEC/7/DBG:Now send it to IP output process...
148