TechLibrary

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

IPsec Phase 1 IKE Tunnel Table

Table 1 identifies objects listed in the IPsec Phase 1 IKE Tunnel Table.

Phase 1 is used to negotiate the parameter and key material required to establish an ISAKMP SA.

Phase 1 SA components include an encryption algorithm, authentication, Diffie-Hellman group values, and anthentication methods, such as preshared keys or certificates.

Table 1: IPsec Phase 1 IKE Tunnel Table

Object	Object ID	Description
jnxIkeTunnelMonTable	jnxIpSecFlowMonPhaseOne 2	The IPsec Phase 1 IKE Tunnel Table. There is one entry in this table for each active IPsec Phase 1 IKE tunnel.
jnxIkeTunnelMonEntry	jnxIkeTunnelMonTable 1	Attributes associated with an active IPsec Phase 1 IKE tunnel. Sequence of attributes: jnxIkeTunMonRemoteGwAddrType jnxIkeTunMonRemoteGwAddr jnxIkeTunMonIndex jnxIkeTunMonLocalGwAddrType jnxIkeTunMonLocalGwAddr jnxIkeTunMonState jnxIkeTunMonInitiatorCookie jnxIkeTunMonResponderCookie jnxIkeTunMonLocalRole jnxIkeTunMonLocalIdType jnxIkeTunMonLocalIdValue jnxIkeTunMonLocalCertName jnxIkeTunMonRemoteIdType jnxIkeTunMonRemoteIdValue jnxIkeTunMonNegoMode jnxIkeTunMonDiffHellmanGrp (not supported in this release) jnxIkeTunMonEncryptAlgo jnxIkeTunMonHashAlgo jnxIkeTunMonAuthMethod jnxIkeTunMonLifeTime jnxIkeTunMonActiveTime jnxIkeTunMonInOctets jnxIkeTunMonInPkts jnxIkeTunMonOutOctets jnxIkeTunMonOutPkts jnxIkeTunMonXAuthUserId jnxIkeTunMonDPDDownCount
jnxIkeTunMonRemoteGwAddrType	jnxIkeTunnelMonEntry 1	IP address type of remote gateway (endpoint) for the IPsec Phase 1 IKE tunnel.
jnxJsFwAuthClientIpAddr	jnxJsAuthTrapVars 4	IP address of remote gateway (endpoint) for the IPsec Phase 1 IKE tunnel.
jnxIkeTunMonIndex	jnxIkeTunnelMonEntry 3	Index number of IPsec Phase 1 IKE Tunnel Table. The index number begins at 1 and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.
jnxIkeTunMonLocalGwAddr	jnxIkeTunnelMonEntry 4	IP address of local endpoint (gateway) for the IPsec Phase 1 IKE tunnel.
jnxIkeTunMonLocalGwAddrType	jnxIkeTunnelMonEntry 5	IP address type of local endpoint (gateway) for the IPsec Phase 1 IKE tunnel.
jnxIkeTunMonState	jnxIkeTunnelMonEntry 6	State of IKE tunnel. It can be: 1—up, negotiation completed. 2—down, being negotiated.
jnxIkeTunMonInitiatorCookie	jnxIkeTunnelMonEntry 7	Cookie as generated by peer that initiated the IKE Phase 1 negotiation. This cookie is carried in the ISAKMP header.
jnxIkeTunMonResponderCookie	jnxIkeTunnelMonEntry 8	Cookie as generated by peer responding to the IKE Phase 1 negotiation initiated by the remote peer. This cookie is carried in the ISAKMP header.
jnxIkeTunMonLocalRole	jnxIkeTunnelMonEntry 9	Role of local peer identity. The role of the local peer can be: Initiator Responder
jnxIkeTunMonLocalIdType	jnxIkeTunnelMonEntry 10	Type of local peer identity. The local peer can be identified by: IP address Fully qualified domain name string Distinguished name string
jnxIkeTunMonLocalIdValue	jnxIkeTunnelMonEntry 11	Value of local peer identity. If the local peer type is an IP address, then this is the IP address used to identify the local peer. If the local peer type is a fully qualified domain name string, then this is the fully qualified domain name string of the local peer. If the local peer type is a distinguished name string, then this is the distinguished name string of the local peer.
jnxIkeTunMonLocalCertName	jnxIkeTunnelMonEntry 12	Name of certificate used for authentication of the local tunnel endpoint. This object has some valid value only if the negotiated IKE authentication method is other than preshared key. If the IKE negotiation does not use a certificate-based authentication method, then the value of this object is a NULL string.
jnxIkeTunMonRemoteIdType	jnxIkeTunnelMonEntry 13	Type of remote peer identity. The remote peer can be identified by: IP address Fully qualified domain name string Distinguished name string
jnxIkeTunMonRemoteIdValue	jnxIkeTunnelMonEntry 14	Value of remote peer identity. If the remote peer type is an IP address, then this is the IP address used to identify the remote peer. If the remote peer type is a fully qualified domain name string, then this is the fully qualified domain name string of the remote peer. If the remote peer type is a distinguished name string, then this is the distinguished name string of the remote peer.
jnxIkeTunMonNegoMode	jnxIkeTunnelMonEntry 15	Negotiation mode of IPsec Phase 1 IKE tunnel.
Note: The jnxIkeTunMonDiffHellmanGrp object is not supported in this release.
jnxIkeTunMonDiffHellmanGrp	jnxIkeTunnelMonEntry 16	Diffie-Hellman Group used in IPsec Phase 1 IKE negotiations.
jnxIkeTunMonEncryptAlgo	jnxIkeTunnelMonEntry 17	Encryption algorithm used in IPsec Phase 1 IKE negotiations.
jnxIkeTunMonHashAlgo	jnxIkeTunnelMonEntry 18	Hash algorithm used in IPsec Phase 1 IKE negotiations.
jnxIkeTunMonAuthMethod	jnxIkeTunnelMonEntry 19	Authentication method used in IPsec Phase 1 IKE negotiations.
jnxIkeTunMonLifeTime	jnxIkeTunnelMonEntry 20	Negotiated lifetime of IPsec Phase 1 IKE tunnel in seconds.
jnxIkeTunMonActiveTime	jnxIkeTunnelMonEntry 21	Length of time IPsec Phase 1 IKE tunnel has been active in hundredths of seconds.
jnxIkeTunMonInOctets	jnxIkeTunnelMonEntry 22	Total number of octets received by this IPsec Phase 1 IKE SA.
jnxIkeTunMonInPkts	jnxIkeTunnelMonEntry 23	Total number of packets received by this IPsec Phase 1 IKE SA.
jnxIkeTunMonOutOctets	jnxIkeTunnelMonEntry 24	Total number of octets sent by this IPsec Phase 1 IKE SA.
jnxIkeTunMonOutPkts	jnxIkeTunnelMonEntry 25	Total number of packets sent by this IPsec Phase 1 IKE SA.
jnxIkeTunMonXAuthUserId	jnxIkeTunnelMonEntry 26	Extended Authentication (XAuth) User Identifier. Identifies the user associated with this IPsec Phase 1 negotiation.
jnxIkeTunMonDPDDownCount	jnxIkeTunnelMonEntry 27	Number of times that the remote peer is detected in a dead (or down) state.

TechLibrary

Related Documentation

IPsec Phase 1 IKE Tunnel Table

Related Documentation

Published: 2013-11-07