Monitoring IPsec VPN—Phase I
View IPsec VPN Phase I information.
Select Monitor>IPSec VPN>Phase I in the J-Web user interface.
Table 72 describes the available options for monitoring IPsec VPN-Phase I.
Table 72: IPsec VPN—Phase I Monitoring Page
|IKE SA Tab Options|
|IKE Security Associations|
Index number of an SA.
IP address of the destination peer with which the local peer communicates.
State of the IKE security associations:
Random number, called a cookie, which is sent to the remote node when the IKE negotiation is triggered.
Random number generated by the remote node and sent back to the initiator as a verification that the packets were received.
A cookie is aimed at protecting the computing resources from attack without spending excessive CPU resources to determine the cookie’s authenticity.
Negotiation method agreed upon by the two IPsec endpoints, or peers, used to exchange information. Each exchange type determines the number of messages and the payload types that are contained in each message. The modes, or exchange types, are:
Monitoring IPsec VPN—Phase II
View IPsec VPN Phase II information.
Select Monitor>IPSec VPN>Phase II in the J-Web user interface.
Table 73 describes the available options for monitoring IPsec VPN-Phase II.
Table 73: IPsec VPN—Phase II Monitoring Page
|Statistics Tab Details|
Provides total number of bytes encrypted and decrypted by the local system across the IPsec tunnel.
Provides total number of packets encrypted and decrypted by the local system across the IPsec tunnel.
Provides details of the IPsec statistics.
|IPsec SA Tab Details|
|IPsec Security Associations|
Index number of the SA.
IP address of the remote gateway/port.
Cryptography scheme used to secure exchanges between peers during the IKE Phase II negotiations:
Security parameter index (SPI) identifier. An SA is uniquely identified by an SPI. Each entry includes the name of the VPN, the remote gateway address, the SPIs for each direction, the encryption and authentication algorithms, and keys. The peer gateways each have two SAs, one resulting from each of the two phases of negotiation: Phase I and Phase II.
The lifetime of the SA, after which it expires, expressed either in seconds or kilobytes.
Specifies if VPN-Liveliness Monitoring has been enabled/disabled. Enabled - ' U ', Disabled- '—'
Specifies the root system.