[Contents] [Prev] [Next] [Index] [Report an Error]

jnxIkeTunnelTable

The IKE tunnel table (jnxIkeTunnelTable), whose object identifier is {jnxIPSecPhaseOne 1}, is used to monitor the IKE security associations established with the remote peers. The MIB variables in this table are used to display the IKE SA attributes and the SA statistics. There is one entry for each IKE SA present.

The key for this table is the combination of a service set name, remote gateway address, and the IKE tunnel index. The service set name is used from the jnxSpSvcSetTable which is implemented as part of the Services PIC MIB. The SNMP manager uses the jnxSpSvcSetTable to get the service set name and this information can then be used to query the jnxIkeTunnelTable for the given service set.

To get only IKE tunnels specific to a particular remote gateway in a service set, the SNMP manager can specify the corresponding service set name and the remote gateway address in the query.

jnxIkeTunnelEntry

The jnxIkeTunnelEntry, whose object identifier is {jnxIkeTunnelTable 1}, has 25 objects, which are listed in Table 91. Each entry contains attributes associated with an active IPsec phase 1 IKE tunnel.

Table 91: jnxIkeTunnelTable

Object

Object Identifier

Description

jnxIkeTunIndex

jnxIkeTunnelEntry 1

Index for the table. The value of the index is a number that begins at 1 and is incremented with each tunnel that is created. When the index number reaches 2,147,483,647 the value wraps back to 1.

jnxIkeTunLocalRole

jnxIkeTunnelEntry 2

The role of the local peer identity. The role can be initiator or responder.

jnxIkeTunNegState

jnxIkeTunnelEntry 3

The state of the current negotiation. The state can be matured or non matured.

jnxIkeTunInitiatorCookie

jnxIkeTunnelEntry 4

Cookie generated by the peer that initiated the IKE phase 1 negotiation. This cookie is carried in the ISAKMP header.

jnxIkeTunResponderCookie

jnxIkeTunnelEntry 5

Cookie generated by the peer responding to the IKE phase 1 negotiation. This cookie is carried in the ISAKMP header.

jnxIkeTunLocalIdType

jnxIkeTunnelEntry 6

The type of local peer identity. A local peer can be identified by an IP address, a fully qualified domain name (FQDN), or a distinguished name.

jnxIkeTunLocalIdValue

jnxIkeTunnelEntry 7

The value of the local peer identity.

  • If the local peer type is an IP address, then this is the IP address used to identify the local peer.
  • If the local peer type is an FQDN(if_fqdn), then this is the FQDN of the remote peer.
  • If the local peer type is a distinguished name (id_dn), then this is the distinguished name of the local peer.

jnxIkeTunLocalGwAddrType

jnxIkeTunnelEntry 8

The IP address type of the local endpoint (gateway) for the IPsec phase 1 IKE tunnel.

jnxIkeTunLocalGwAddr

jnxIkeTunnelEntry 9

The IP address of the local endpoint (gateway) for the IPsec phase 1 IKE tunnel.

jnxIkeTunLocalCertName

jnxIkeTunnelEntry 10

The name of the certificate used for authentication of the local tunnel endpoint. This object has a valid value only if the negotiated IKE authentication method is something other than a preshared key. If the IKE negotiation does not use certificates for authentication, the value is NULL.

jnxIkeTunRemoteIdType

jnxIkeTunnelEntry 11

The type of remote peer identity. A remote peer can be identified by an IP address, an FQDN, or a distinguished name.

jnxIkeTunRemoteIdValue

jnxIkeTunnelEntry 12

The value of the remote peer identity.

  • If the remote peer type is an IP address, then this is the IP address used to identify the remote peer.
  • If the remote peer type is an FQDN (if_fqdn), then this is the FQDN of the remote peer.
  • If the remote peer type is a distinguished name (id_dn), then this is the distinguished name of the remote peer.

jnxIkeTunRemoteGwAddrType

jnxIkeTunnelEntry 13

The IP address type of the remote gateway (endpoint) for the IPsec phase 1 IKE tunnel.

jnxIkeTunRemoteGwAddr

jnxIkeTunnelEntry 14

The IP address of the remote gateway (endpoint) for the IPsec phase 1 IKE tunnel.

jnxIkeTunNegoMode

jnxIkeTunnelEntry 15

The negotiation mode of the IPsec phase 1 IKE tunnel.

jnxIkeTunDiffHellmanGrp

jnxIkeTunnelEntry 16

The Diffie Hellman Group used in IPsec phase 1 IKE negotiations.

jnxIkeTunEncryptAlgo

jnxIkeTunnelEntry 17

The encryption algorithm used in IPsec phase 1 IKE negotiations.

jnxIkeTunHashAlgo

jnxIkeTunnelEntry 18

The hash algorithm used in IPsec phase 1 IKE negotiations.

jnxIkeTunAuthMethod

jnxIkeTunnelEntry 19

The authentication method used in IPsec phase 1 IKE negotiations.

jnxIkeTunLifeTime

jnxIkeTunnelEntry 20

The negotiated lifetime (in seconds) of the IPsec phase 1 IKE tunnel.

jnxIkeTunActiveTime

jnxIkeTunnelEntry 21

The length of time (in hundredths of seconds) that the IPsec phase 1 IKE tunnel has been active.

jnxIkeTunInOctets

jnxIkeTunnelEntry 22

The total number of octets received by this IPsec phase 1 IKE security association.

jnxIkeTunInPkts

jnxIkeTunnelEntry 23

The total number of packets received by this IPsec phase 1 IKE security association.

jnxIkeTunOutOcets

jnxIkeTunnelEntry 24

The total number of octets sent by this IPsec phase 1 IKE security association.

jnxIkeTunOutPkts

jnxIkeTunnelEntry 25

The total number of octets sent by this IPsec phase 1 IKE security association.

[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.