Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    jnxIkeTunnelTable

    The IKE tunnel table (jnxIkeTunnelTable), whose object identifier is {jnxIPSecPhaseOne 1}, is used to monitor the IKE security associations established with the remote peers. The MIB variables in this table are used to display the IKE SA attributes and the SA statistics. There is one entry for each IKE SA present.

    The key for this table is the combination of a service set name, remote gateway address, and the IKE tunnel index. The service set name is used from the jnxSpSvcSetTable which is implemented as part of the Services PIC MIB. The SNMP manager uses the jnxSpSvcSetTable to get the service set name, and this information can then be used to query the jnxIkeTunnelTable for the given service set.

    To get only IKE tunnels specific to a particular remote gateway in a service set, the SNMP manager can specify the corresponding service set name and the remote gateway address in the query.

    The jnxIkeTunnelEntry, whose object identifier is {jnxIkeTunnelTable 1}, has 25 objects, which are listed in Table 1. Each entry contains attributes associated with an active IPsec phase 1 IKE tunnel.

    Table 1: jnxIkeTunnelTable

    Object

    Object Identifier

    Description

    jnxIkeTunIndex

    jnxIkeTunnelEntry 1

    Index for the table. The value of the index is a number that begins at 1 and is incremented with each tunnel that is created. When the index number reaches 2,147,483,647, the value wraps back to 1.

    jnxIkeTunLocalRole

    jnxIkeTunnelEntry 2

    The role of the local peer identity. The role can be initiator or responder.

    jnxIkeTunNegState

    jnxIkeTunnelEntry 3

    The state of the current negotiation. The state can be matured or non matured.

    jnxIkeTunInitiatorCookie

    jnxIkeTunnelEntry 4

    Cookie generated by the peer that initiated the IKE phase 1 negotiation. This cookie is carried in the ISAKMP header.

    jnxIkeTunResponderCookie

    jnxIkeTunnelEntry 5

    Cookie generated by the peer responding to the IKE phase 1 negotiation. This cookie is carried in the ISAKMP header.

    jnxIkeTunLocalIdType

    jnxIkeTunnelEntry 6

    The type of local peer identity. A local peer can be identified by an IP address, a fully qualified domain name (FQDN), or a distinguished name.

    jnxIkeTunLocalIdValue

    jnxIkeTunnelEntry 7

    The value of the local peer identity.

    • If the local peer type is an IP address, then this is the IP address used to identify the local peer.
    • If the local peer type is an FQDN(if_fqdn), then this is the FQDN of the remote peer.
    • If the local peer type is a distinguished name (id_dn), then this is the distinguished name of the local peer.

    jnxIkeTunLocalGwAddrType

    jnxIkeTunnelEntry 8

    The IP address type of the local endpoint (gateway) for the IPsec phase 1 IKE tunnel.

    jnxIkeTunLocalGwAddr

    jnxIkeTunnelEntry 9

    The IP address of the local endpoint (gateway) for the IPsec phase 1 IKE tunnel.

    jnxIkeTunLocalCertName

    jnxIkeTunnelEntry 10

    The name of the certificate used for authentication of the local tunnel endpoint. This object has a valid value only if the negotiated IKE authentication method is something other than a preshared key. If the IKE negotiation does not use certificates for authentication, the value is NULL.

    jnxIkeTunRemoteIdType

    jnxIkeTunnelEntry 11

    The type of remote peer identity. A remote peer can be identified by an IP address, an FQDN, or a distinguished name.

    jnxIkeTunRemoteIdValue

    jnxIkeTunnelEntry 12

    The value of the remote peer identity.

    • If the remote peer type is an IP address, then this is the IP address used to identify the remote peer.
    • If the remote peer type is an FQDN (if_fqdn), then this is the FQDN of the remote peer.
    • If the remote peer type is a distinguished name (id_dn), then this is the distinguished name of the remote peer.

    jnxIkeTunRemoteGwAddrType

    jnxIkeTunnelEntry 13

    The IP address type of the remote gateway (endpoint) for the IPsec phase 1 IKE tunnel.

    jnxIkeTunRemoteGwAddr

    jnxIkeTunnelEntry 14

    The IP address of the remote gateway (endpoint) for the IPsec phase 1 IKE tunnel.

    jnxIkeTunNegoMode

    jnxIkeTunnelEntry 15

    The negotiation mode of the IPsec phase 1 IKE tunnel.

    jnxIkeTunDiffHellmanGrp

    jnxIkeTunnelEntry 16

    The Diffie Hellman Group used in IPsec phase 1 IKE negotiations.

    jnxIkeTunEncryptAlgo

    jnxIkeTunnelEntry 17

    The encryption algorithm used in IPsec phase 1 IKE negotiations.

    jnxIkeTunHashAlgo

    jnxIkeTunnelEntry 18

    The hash algorithm used in IPsec phase 1 IKE negotiations.

    jnxIkeTunAuthMethod

    jnxIkeTunnelEntry 19

    The authentication method used in IPsec phase 1 IKE negotiations.

    jnxIkeTunLifeTime

    jnxIkeTunnelEntry 20

    The negotiated lifetime (in seconds) of the IPsec phase 1 IKE tunnel.

    jnxIkeTunActiveTime

    jnxIkeTunnelEntry 21

    The length of time (in hundredths of seconds) that the IPsec phase 1 IKE tunnel has been active.

    jnxIkeTunInOctets

    jnxIkeTunnelEntry 22

    The total number of octets received by this IPsec phase 1 IKE security association.

    jnxIkeTunInPkts

    jnxIkeTunnelEntry 23

    The total number of packets received by this IPsec phase 1 IKE security association.

    jnxIkeTunOutOcets

    jnxIkeTunnelEntry 24

    The total number of octets sent by this IPsec phase 1 IKE security association.

    jnxIkeTunOutPkts

    jnxIkeTunnelEntry 25

    The total number of octets sent by this IPsec phase 1 IKE security association.

     

    Related Documentation

     

    Published: 2014-09-17

    Previous Page Next Page