HP Comware 5 Debug Manual Vol 2

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis

151

152

153

154

155

156

157

158

159

160

// The IPsec module created an IPsec policy control block.

IPsec Command Operation :Delete Driver Control Block.

Control Block ID :2

Interface Index :1048579

// The IPsec module deleted an IPsec policy control block.

# Enable IPsec debugging on the local end. Output similar to the following example is generated

when the remote end sends IPsec packets to the local end under the following conditions:

 On the local end, an IPsec policy is configured with the security protocol of ESP and the SPI of

54321 for the inbound SA.

 On the remote end, an IPsec policy is configured with the security protocol of ESP and SPI of

11111 f o r t h e o u t b o u n d S A .

<Sysname> debugging ipsec error

*Jun 28 20:27:15:495 2007 Sysname IPSEC/7/DBG:IPsec_ERROR: Inbound ESP processing:

Failed to find SA for packet from 1.1.1.2 to 1.1.1.1, SPI 0011111.

// The SPI of the incoming packet (11111) is not consistent with that configured for the inbound

SA (12345) on the local device, and thus the local end cannot any matching SA for the incoming

packet.

# Enable IPsec packet debugging on the local end. Output similar to the following example is

generated when you apply an IPsec policy to the interface under the following conditions:

 An IKE-based IPsec policy is configured on the local end.

 An IPsec proposal using the default settings is specified for the policy.

<Sysname> debugging ipsec packet

*Jun 28 20:27:15:495 2006 Sysname DPIPSEC/7/debug:IPsec_Packet: thread 10, Outbound

packets should be protected by IPsec.

*Jun 28 20:27:15:495 2006 Sysname DPIPSEC/7/debug:IPsec_Packet: thread 10, drop

packet due to not find IPsec SA in outbound direction.

// The ouput is the debugging information during IKE negotiation.

*Jun 28 20:27:29:761 2006 Sysname DPIPSEC/7/debug:IPsec_Packet: thread 10, The packet

will be sent successfully by means of slow IPsec process.

*Jun 28 20:27:29:761 2006 Sysname DPIPSEC/7/debug:IPsec_Packet: thread 10,

--- IPsec Send Packet ---

Src:11.1.1.1 Dst:11.1.1.2 SPI:333888814(0x13e6bd2e)

New ESP(RFC2406) Enc Alg:DES Auth Alg:HMAC-MD5-96

*Jun 28 20:27:29:761 2006 Sysname DPIPSEC/7/debug:IPsec_Packet: thread 10, IPsec send

packet to IP output process...

// The output is the IPsec processing information on the initiator device after the IPsec SA

negotiation succeeded.

# Enable IPsec packet debugging on the peer device. Output similar to the following example is

generated when you apply an IPsec policy to the interface under the following conditions:

 An IKE-based IPsec policy is configured on the peer end.

 An IPsec proposal using the default settings is specified for the policy.

*Jan 11 08:41:54:917 2012 Sysname DPIPSEC/7/debug:IPsec_Packet: thread 15, receive

ESP packet, SPI:333888814(0x13e6bd2e)

*Jan 11 08:41:54:917 2012 Sysname DPIPSEC/7/debug:IPsec_Packet: thread 15, IPsec SA

type:New ESP(RFC2406), Auth Alg:HMAC-MD5-96, Enc Alg:DES

*Jan 11 08:41:54:917 2012 Sysname DPIPSEC/7/debug:IPsec_Packet: thread 15, Replay

checking enabled! SN:1

151