HP Comware 5 Debug Manual Vol 2
// The IPsec module is sending the data to the IP layer for processing.
*0.1139906 Sysname IPSEC/7/DBG:--- Receive IPsec(ESP) packet ---
*0.1139906 Sysname IPSEC/7/DBG:Src:3.0.0.1 Dst:3.0.0.2 SPI:2556898176(0x98672b80)
// The responder received a packet whose source address is 3.0.0.1, destination address is
3.0.0.2, and SPI is 2556898176.
*0.1139906 Sysname IPSEC/7/DBG:New ESP(RFC2406) Enc Alg:DES Auth Alg:HMAC-MD5-96
// The encryption algorithm is DES, and the authentication algorithm is MD5.
*0.1139906 Sysname IPSEC/7/DBG:Replay Checking Enabled! SN:5
// The IPsec module is performing anti-replay checking. SN indicates the sequence number of the
packet.
•
On a device with a multi-core CPU
# Enable IPsec SA debugging. When you configure an IKE-based IPsec policy and specify for it an
IPsec proposal using the default settings, output similar to the following example is generated:
<Sysname> debugging ipsec sa
IPsec Command Operation :Create Driver Control Block.
Control Block ID :1192
SA Mode :ISAKMP
Control Block ISAKMP Sequence :149
ACL Number :3149
Protect Mode :per rule
Interface Index :1048579
// The IPsec module created a driver control block. The block has the following details:
Index is 1192.
SA mode is ISAKMP.
Policy number is 149.
ACL number is 3149.
Protection mode is per rule.
Index of the interface is 1048579.
IPsec Command Operation :Create IPsec SA.
SA Protocol : ESP
Authentication arithmatic : HMAC-MD5-96
Encryption arithmatic : DES
IPsec SA ID :1592
Interface Index :1048579
Control Block ID :1045
ACL Rule Number :0
SPI :414400713
Replay Windows Size :32
Authentication Key Length :16
Authentication Key :f15fd0953d341b94a5ed9c610f499ab2
Encryption Key Length :8
Encryption Key :8f1df158ccbb4be1
SA Hard expire Bytes :262144
SA Soft Expire Bytes :235926
Peer IP :12.1.1.2
Sourc IP :11.1.1.2
149