Help Center User GuideGetting Started
 
X
User Guide
Getting Started
Contents  

Monitoring IPsec VPN—Phase I

Purpose

View IPsec VPN Phase I information.

Action

Select Monitor>IPSec VPN>Phase I in the J-Web user interface.

Table 71 describes the available options for monitoring IPsec VPN-Phase I.

Table 71: IPsec VPN—Phase I Monitoring Page

FieldValuesAdditional Information
IKE SA Tab Options
IKE Security Associations

SA Index

Index number of an SA.

Remote Address

IP address of the destination peer with which the local peer communicates.

State

State of the IKE security associations:

  • DOWN—SA has not been negotiated with the peer.

  • UP—SA has been negotiated with the peer.

Initiator Cookie

Random number, called a cookie, which is sent to the remote node when the IKE negotiation is triggered.

Responder Cookie

Random number generated by the remote node and sent back to the initiator as a verification that the packets were received.

A cookie is aimed at protecting the computing resources from attack without spending excessive CPU resources to determine the cookie’s authenticity.

Mode

Negotiation method agreed upon by the two IPsec endpoints, or peers, used to exchange information. Each exchange type determines the number of messages and the payload types that are contained in each message. The modes, or exchange types, are:

  • Main—The exchange is done with six messages. This mode, or exchange type, encrypts the payload, protecting the identity of the neighbor. The authentication method used is displayed: preshared keys or certificate.

  • Aggressive—The exchange is done with three messages. This mode, or exchange type, does not encrypt the payload, leaving the identity of the neighbor unprotected.

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit