Monitoring and Troubleshooting IPsec

To monitor and debug IPsec operation, you can use the standard TCP/IP utilities such as ping, traceroute, netstat, and snoop in addition to ipsecconf(1M) and ipseckey(1M). When using snoop, remember that, depending on the IPsec configuration (for example, when you are using ESP), you will not be able to read some or all of the data in IP packets secured with IPsec. The most common problems with IPsec, along with recommendations on how to solve them, are discussed in the following sections.

No ping or traceroute Between IPsec-Enabled Systems

Make sure both systems have correct and valid Security Associations for each other; make sure the keys match on both systems. Use ndd(1M) and netstat(1) to look up statistics. ...
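One way to run the SA and key comparison described above, as an added example that is not from the book. It assumes each host's manually keyed SAs have been exported as `add` lines of keyword/value pairs in the style ipseckey(1M) reads; the addresses, SPIs and keys are constructed sample values, and `parse_sas` and `compare` are hypothetical helper names.

```python
import hashlib

def parse_sas(text):
    """Parse 'add <proto> keyword value ...' lines into {(proto, spi, dst): attrs}."""
    sas = {}
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "add":
            continue
        attrs = dict(zip(tok[2::2], tok[3::2]))
        spi = int(attrs.pop("spi"), 0)  # 0x2112 and 8466 are the same SPI
        for name in attrs:
            if name.endswith("key"):
                # Keep only a digest so raw key material is not carried around.
                attrs[name] = hashlib.sha256(attrs[name].lower().encode()).hexdigest()
        sas[(tok[1], spi, attrs["dst"])] = attrs
    return sas

def compare(host_a, host_b):
    """Return [(sa_id, problem)] for SAs that are absent or differ between hosts."""
    a, b = parse_sas(host_a), parse_sas(host_b)
    findings = []
    for ident in sorted(a.keys() | b.keys()):
        if ident not in a or ident not in b:
            findings.append((ident, "missing on " + ("A" if ident not in a else "B")))
            continue
        fields = a[ident].keys() | b[ident].keys()
        bad = sorted(f for f in fields if a[ident].get(f) != b[ident].get(f))
        if bad:
            findings.append((ident, "mismatch: " + ",".join(bad)))
    return findings

# Constructed sample data (documentation addresses, made-up keys).
K_ENC, K_AUTH, K_OTHER = "1a" * 24, "2b" * 16, "2c" * 16
HOST_A = f"""
add esp spi 0x2112 src 192.0.2.1 dst 192.0.2.2 encr_alg 3des auth_alg md5 encrkey {K_ENC} authkey {K_AUTH}
add esp spi 0x2113 src 192.0.2.2 dst 192.0.2.1 encr_alg 3des auth_alg md5 encrkey {K_ENC} authkey {K_AUTH}
add ah spi 0x3001 src 192.0.2.1 dst 192.0.2.2 auth_alg md5 authkey {K_AUTH}
"""
HOST_B = f"""
add esp spi 8466 src 192.0.2.1 dst 192.0.2.2 encr_alg 3des auth_alg md5 encrkey {K_ENC.upper()} authkey {K_AUTH}
add esp spi 0x2113 src 192.0.2.2 dst 192.0.2.1 encr_alg 3des auth_alg md5 encrkey {K_ENC} authkey {K_OTHER}
"""

if __name__ == "__main__":
    for ident, problem in compare(HOST_A, HOST_B):
        print(ident, problem)  # field names only, never key values
```

An empty result means every SA is present on both hosts with identical algorithms and keys; a `mismatch: authkey` or `mismatch: encrkey` finding points to the key mismatch this section warns about.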
