| IPSec Tunnels | |
|---|---|
| Service Set | Name of the service set for which the IPSec tunnel is defined. |
| Rule | Name of the rule set applied to the IPSec tunnel. |
| Term | Name of the IPSec term applied to the IPSec tunnel. |
| Local Gateway | Gateway address of the local system. |
| Remote Gateway | Gateway address of the remote system. |
| Direction | Direction of the IPSec tunnel: Inbound or Outbound. |
| Protocol | Protocol supported: either Encapsulation Security Protocol (ESP) or Authentication Header and ESP (AH+ESP). |
| Tunnel Index | Numeric identifier of the IPSec tunnel. |
| Tunnel Local Identity | Prefix and port number of the local endpoint of the IPSec tunnel. |
| Tunnel Remote Identity | Prefix and port number of the remote endpoint of the IPSec tunnel. |

| IPSec Statistics | |
|---|---|
| Service Set | Name of the service set for which the IPSec tunnel is defined. |
| Local Gateway | Gateway address of the local system. |
| Remote Gateway | Gateway address of the remote system. |
| ESP Encrypted Bytes | Total number of bytes encrypted by the local system across the IPSec tunnel. |
| ESP Decrypted Bytes | Total number of bytes decrypted by the local system across the IPSec tunnel. |
| AH Input Bytes | Total number of bytes received by the local system across the IPSec tunnel. |
| AH Output Bytes | Total number of bytes transmitted by the local system across the IPSec tunnel. |

| IKE Security | |
|---|---|
| Remote Address | Responder's address. |
| State | State of the IKE security association:<br>- Matured: IKE security association is established.<br>- Not matured: IKE security association is in the process of negotiation. |
| Initiator Cookie | Random number sent to the remote node when the IKE negotiation is triggered. This number is generated by means of an algorithm and information shared during the IKE negotiation. Cookies provide a basic form of authenticity protection to help prevent denial-of-service (DoS) attacks. |
| Responder Cookie | Random number generated by the remote node when it receives the initiator cookie. The remote node sends the cookie back to the IKE initiator as verification that the negotiation packets were received. |
| Exchange Type | Type of IKE exchange. The IKE exchange type determines the number of messages in the exchange and the payload types contained in each message. Each exchange type provides a particular set of security services, such as anonymity of the participants, perfect forward secrecy of the keying material, and authentication of the participants. J-series Services Routers support the following types of IKE exchanges:<br>- Main: IKE exchange is done with six messages. The Main exchange type encrypts the payload, protecting the identity of the neighbor.<br>- Aggressive: IKE exchange is done with three messages. The Aggressive exchange type does not encrypt the payload, leaving the identity of the neighbor unprotected. |
| Role | Role of the router in the IKE exchange: Initiator or Responder. |
| Authentication Method | Method used for IKE authentication. The type of authentication determines which payloads are exchanged and when they are exchanged. J-series Services Routers support only the pre-shared keys authentication type. |
| Local Address | Prefix and port number of the local tunnel endpoint. |
| Remote Address | Prefix and port number of the remote tunnel endpoint. |
| Lifetime | Number of seconds remaining until the IKE security association expires. |
| Algorithm Authentication | Type of authentication algorithm used for the security association: md5 or sha1. |
| Algorithm Encryption | Type of encryption algorithm used for the security association: des-cbc, 3des-cbc, or None. |
| Algorithm PRF | The pseudorandom function that generates highly unpredictable random numbers: hmac-md5 or hmac-sha1. |
| Input Bytes | Number of bytes received on the IKE security association. |
| Output Bytes | Number of bytes transmitted on the IKE security association. |
| Input Packets | Number of packets received on the IKE security association. |
| Output Packets | Number of packets transmitted on the IKE security association. |
| IPSec Security Associations | Number of IPSec security associations that have been created and deleted on the router. Only security associations whose negotiations are complete are listed. When a security association is taken down, it is listed as a deleted security association. |
| Phase 2 Negotiations in Progress | Number of phase 2 IKE negotiations in progress. |
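
The following Python code is an added example, not part of the original documentation: it audits IKE security association records using the State, Exchange Type, Algorithm Authentication, Algorithm Encryption and Lifetime fields described above. The `Field: value` record layout, the sample addresses and the `min_lifetime` threshold are assumptions made for the example and do not reproduce the router's actual output.

```python
import re

# Constructed sample: "Field: value" records named after the fields in the
# table above. The layout is an assumption, not the router's real output.
SAMPLE = """\
Remote Address: 192.0.2.10
State: Matured
Exchange Type: Aggressive
Algorithm Authentication: md5
Algorithm Encryption: des-cbc
Lifetime: 240

Remote Address: 192.0.2.20
State: Not matured
Exchange Type: Main
Algorithm Authentication: sha1
Algorithm Encryption: 3des-cbc
Lifetime: 3200
"""

def parse_records(text):
    """Split blank-line-separated blocks into {field: value} dicts."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [{k.strip(): v.strip() for k, sep, v in
             (ln.partition(":") for ln in b.splitlines()) if sep}
            for b in blocks if b.strip()]

def audit(rec, min_lifetime=300):  # min_lifetime: hypothetical alert threshold
    get = lambda field: rec.get(field, "").lower()
    findings = []
    if get("State") != "matured":
        findings.append("not established: negotiation still in progress")
    if get("Exchange Type") == "aggressive":
        findings.append("aggressive exchange: peer identity is not encrypted")
    if get("Algorithm Encryption") == "none":
        findings.append("no encryption algorithm on the SA")
    elif get("Algorithm Encryption") == "des-cbc":
        findings.append("des-cbc: single DES, prefer 3des-cbc")
    if get("Algorithm Authentication") == "md5":
        findings.append("md5: prefer sha1")
    if get("Lifetime").isdigit() and int(get("Lifetime")) < min_lifetime:
        findings.append("lifetime below threshold: SA about to expire")
    return findings

def audit_all(text):  # maps each SA's Remote Address to its findings
    return {r.get("Remote Address", "?"): audit(r) for r in parse_records(text)}

if __name__ == "__main__":
    for peer, findings in audit_all(SAMPLE).items():
        print(peer, findings or "ok")
```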