    jnxIPSecSaTable

    The IPsec phase 2 security association table (jnxIPSecSaTable), whose object identifier is {jnxIPSecPhaseTwo 2}, is used to monitor the IPsec SAs present for each tunnel in the IPsec tunnel table (jnxIPSecTunnelTable). More than one pair of SAs can be present for each of the IPsec tunnels.

    The key for this table is a combination of a service set name, remote gateway address, IPsec tunnel index, and the SA index. While the IPsec tunnel table is queried using the service set name, the SA table can be queried for the IPsec tunnel using the service set name, remote gateway address, and the IPsec tunnel index.

    The jnxIPSecSaEntry, whose object identifier is {jnxIPSecSaTable 1}, has 16 objects, which are listed in Table 1. Each entry contains SA components for an active IPsec phase 2 tunnel.

    Table 1: jnxIPSecSaTable

    | Object | Object Identifier | Description |
    |---|---|---|
    | jnxIpSecSaProtocol | jnxIpSecSaEntry 1 | The index represents the security protocol (AH, ESP, or IPComp) for which the SA was created. |
    | jnxIpSecSaIndex | jnxIpSecSaEntry 2 | The index (in the context of the IPsec tunnel) for the SA. The value of the index is a number that begins at 1 and is incremented with each security parameter index (SPI) associated with an IPsec phase 2 tunnel. When the index number reaches 2,147,483,647, the value wraps back to 1. |
    | jnxIpSecSaInSpi | jnxIpSecSaEntry 3 | The value of the incoming SPI. |
    | jnxIpSecSaOutSpi | jnxIpSecSaEntry 4 | The value of the outgoing SPI. |
    | jnxIpSecSaInAuxSpi | jnxIpSecSaEntry 5 | The value of the incoming auxiliary SPI. This object is valid for AH and ESP bundles. |
    | jnxIpSecSaOutAuxSpi | jnxIpSecSaEntry 6 | The value of the outgoing auxiliary SPI. This object is valid for AH and ESP bundles. |
    | jnxIpSecSaType | jnxIpSecSaEntry 7 | The type of SA (manual or dynamic). |
    | jnxIpSecSaEncapMode | jnxIpSecSaEntry 8 | The encapsulation mode used by the IPsec phase 2 tunnel. |
    | jnxIpSecSaLifeSize | jnxIpSecSaEntry 9 | The negotiated size (in kilobytes) of the IPsec phase 2 tunnel. |
    | jnxIpSecSaLifeTime | jnxIpSecSaEntry 10 | The negotiated lifetime (in seconds) of the IPsec phase 2 tunnel. |
    | jnxIpSecSaActiveTime | jnxIpSecSaEntry 11 | The number of seconds the IPsec phase 2 tunnel has been active. |
    | jnxIpSecSaLifeSizeThreshold | jnxIpSecSaEntry 12 | The refresh threshold (in kilobytes) of the SA size. |
    | jnxIpSecSaLifeTimeThreshold | jnxIpSecSaEntry 13 | The refresh threshold (in seconds) of the SA lifetime. |
    | jnxIpSecSaEncryptAlgo | jnxIpSecSaEntry 14 | The algorithm used to encrypt the packets (des-cbc or 3des-cbc). |
    | jnxIpSecSaAuthAlgo | jnxIpSecSaEntry 15 | The algorithm used to authenticate the packets (hmac-md5-96 or hmac-sha1-96). |
    | jnxIpSecSaState | jnxIpSecSaEntry 16 | The status of the SA. Status can be active (ready for active use) or expiring (any state an SA goes through before being purged). |
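The following added example (not Juniper code) shows how a monitoring script might audit rows polled from this table, grouping SAs by the tunnel part of the key described above and flagging SAs that warrant attention. It assumes the rows have already been fetched and decoded into the label strings used in Table 1; the flagging policy, the function names, and the sample rows are constructed for illustration.

```python
from collections import defaultdict

# Flagging policy is this example's assumption, not something the page defines.
WEAK_ENCRYPT = {"des-cbc"}
WEAK_AUTH = {"hmac-md5-96"}

def audit_sa_table(rows):
    """Return {(service_set, remote_gw, tunnel_index): [(sa_index, finding), ...]}.

    rows maps the full table key (service_set, remote_gw, tunnel_index,
    sa_index) to a dict of decoded column values for that SA.
    """
    report = defaultdict(list)
    for (svc, gw, tunnel, sa_index), col in sorted(rows.items()):
        found = report[(svc, gw, tunnel)]  # tunnels with no findings still appear
        if col["jnxIpSecSaEncryptAlgo"] in WEAK_ENCRYPT:
            found.append((sa_index, "weak encryption " + col["jnxIpSecSaEncryptAlgo"]))
        if col["jnxIpSecSaAuthAlgo"] in WEAK_AUTH:
            found.append((sa_index, "weak authentication " + col["jnxIpSecSaAuthAlgo"]))
        if col["jnxIpSecSaType"] == "manual":
            found.append((sa_index, "manual SA"))
        elif col["jnxIpSecSaActiveTime"] > col["jnxIpSecSaLifeTime"]:
            # Dynamic SA still present after its negotiated lifetime (seconds).
            found.append((sa_index, "active longer than negotiated lifetime"))
        if col["jnxIpSecSaState"] == "expiring":
            found.append((sa_index, "state expiring"))
    return dict(report)

def row(enc, auth, sa_type, state, lifetime, active):
    """Build one constructed row holding only the columns the audit reads."""
    return {"jnxIpSecSaEncryptAlgo": enc, "jnxIpSecSaAuthAlgo": auth,
            "jnxIpSecSaType": sa_type, "jnxIpSecSaState": state,
            "jnxIpSecSaLifeTime": lifetime, "jnxIpSecSaActiveTime": active}

# Constructed sample rows (documentation addresses, made-up service set names).
SAMPLE = {
    ("ss-branch", "192.0.2.10", 1, 1):
        row("3des-cbc", "hmac-sha1-96", "dynamic", "active", 3600, 1200),
    ("ss-branch", "192.0.2.10", 1, 2):
        row("3des-cbc", "hmac-sha1-96", "dynamic", "expiring", 3600, 3700),
    ("ss-legacy", "198.51.100.7", 4, 1):
        row("des-cbc", "hmac-md5-96", "manual", "active", 0, 864000),
}

if __name__ == "__main__":
    for tunnel, items in audit_sa_table(SAMPLE).items():
        print(tunnel, items or "no findings")
```
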

    Published: 2014-09-17