Installation Instructions
Before transferring the save files to your System i 400 system with ftp, you must create the VPNIKE library and the destination save file so that ftp will store the data properly:
CRTLIB LIB(VPNIKE) TEXT('IKE Protocol Analyzer')
CRTSAVF FILE(VPNIKE/ANALYZEIKE) TEXT('AnalyzeIKE Binaries')
To restore the program files, run the following commands:
RSTOBJ OBJ(*ALL) SAVLIB(QUSRSYS) DEV(*SAVF) SAVF(VPNIKE/ANALYZEIKE)
Two *PGM objects should be restored to library QUSRSYS. They are SPLFTOIFS and ANALYZEIKE. You may delete the VPNIKE/ANALYZEIKE save file and the VPNIKE library now if you wish.
Using AnalyzeIKE
- The spooled file created by TRCTCPAPP containing the VPN Key Manager trace needs to be moved into IFS. You may do this manually if you like; however, SPLFTOIFS will handle this for you. Calling QUSRSYS/SPLFTOIFS starts an interactive program that prompts you for information about the spooled file and the new IFS file name where you'd like to store the trace file.
- Call QUSRSYS/ANALYZEIKE. You can now see all the different ways AnalyzeIKE can be run. You may direct output to your terminal in plain text or HTML format, or you may write the output to a plain text or HTML file in IFS.
- Viewing the output, especially when the format is HTML, is easiest using a web browser. This can be done by first moving the output file to a PC and then opening the file in a web browser. If you are running ftp on your System i 400, this can be done in a single step by opening a URL in the following format in your web browser: ftp://myas400id@myas400.mydomain.com/myIFSoutputDIR/output.htm
- Each entry in the output from AnalyzeIKE shows the file name and line number of the portion of trace that was analyzed to create the result that you see. You may refer back to the original trace to see how the AnalyzeIKE output correlates to the original TRCTCPAPP log. For example, AnalyzeIKE shows the following entry:
On the second line of the entry, you see the line: "IKE Message: File /IKE/MYIKE.LOG, Line 57." A portion of the original TRCTCPAPP trace is shown below. The trace has been moved into IFS file /ike/myike.log by using splftoifs. Line 57 is the line which reads: "simpnet.C(125) dmp(msgbuf->data,msgbuf->len=324)"

This original trace is what AnalyzeIKE found and interpreted to produce its output. We see that in the original trace, this message was received from a peer IKE server, indicated by "!XES IKE R" (R for "Received"). "Sent" messages are indicated with an "S." If we look at the output from AnalyzeIKE at the top, we see the exact meaning of the message received by VPN Key Manager in a readable format. These exact meanings are explained in detail in RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP). A copy of this can be found at http://www.ietf.org/rfc/rfc2408.txt
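To show what interpreting a dumped message against RFC 2408 involves, here is an added example (not AnalyzeIKE's code and not from IBM) that decodes the fixed ISAKMP header and walks the top-level payload chain. The names parse_isakmp and SAMPLE are hypothetical, the sample bytes are constructed, and the function takes raw message bytes rather than TRCTCPAPP trace text.

```python
import struct

# Names and numbers from RFC 2408, section 3.1
PAYLOADS = {0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "Key Exchange",
            5: "Identification", 6: "Certificate", 7: "Certificate Request",
            8: "Hash", 9: "Signature", 10: "Nonce", 11: "Notification",
            12: "Delete", 13: "Vendor ID"}
EXCHANGES = {0: "NONE", 1: "Base", 2: "Identity Protection",
             3: "Authentication Only", 4: "Aggressive", 5: "Informational"}
FLAGS = {0x01: "Encryption", 0x02: "Commit", 0x04: "Authentication Only"}
HDR = struct.Struct("!8s8sBBBBII")  # 28-byte fixed ISAKMP header


def parse_isakmp(msg: bytes) -> dict:
    """Decode the ISAKMP header and list the top-level payload chain."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icky, rcky, nxt, ver, xchg, flags, msgid, length = HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError(f"header length {length} != captured {len(msg)} bytes")
    out = {
        "initiator_cookie": icky.hex(), "responder_cookie": rcky.hex(),
        "version": f"{ver >> 4}.{ver & 0x0F}",
        "exchange": EXCHANGES.get(xchg, f"type {xchg}"),
        "flags": [name for bit, name in FLAGS.items() if flags & bit],
        "message_id": msgid, "length": length, "payloads": [],
    }
    if flags & 0x01:
        # Everything after the header is ciphertext; only the first type is known.
        out["payloads"].append((PAYLOADS.get(nxt, f"type {nxt}"), None))
        return out
    off = HDR.size
    while nxt != 0:
        if off + 4 > len(msg):
            raise ValueError("payload chain runs past end of message")
        following, _reserved, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > len(msg):
            raise ValueError(f"bad payload length {plen} at offset {off}")
        out["payloads"].append((PAYLOADS.get(nxt, f"type {nxt}"), plen))
        nxt, off = following, off + plen
    return out


# Constructed sample (not from a real trace): an Identity Protection message
# carrying a Key Exchange payload followed by a Nonce payload.
SAMPLE = (bytes.fromhex("1122334455667788" "99aabbccddeeff00" "04100200")
          + struct.pack("!II", 0, 28 + 8 + 12)
          + bytes.fromhex("0a000008" "deadbeef")           # Key Exchange, next = Nonce
          + bytes.fromhex("0000000c" "0102030405060708"))  # Nonce, next = NONE
```

Calling parse_isakmp(SAMPLE) returns the decoded header fields and the payload list; a message whose Encryption flag is set reports only the first payload type, because the rest of the message cannot be read without the negotiated keys.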
Note to Users
AnalyzeIKE is simply a tool to help you better understand VPN Key Manager logs. It is provided as-is and is not supported by IBM. If you find that you are having a problem with AnalyzeIKE, please check back periodically to see if any software updates have been posted.
