[an error occurred while processing this directive][an error occurred while processing this directive]

IPsec Phase 1 IKE Tunnel Table

Table 1 identifies objects listed in the IPsec Phase 1 IKE Tunnel Table.

Phase 1 is used to negotiate the parameter and key material required to establish an ISAKMP SA.

Phase 1 SA components include an encryption algorithm, authentication, Diffie-Hellman group values, and anthentication methods, such as preshared keys or certificates.

Table 1: IPsec Phase 1 IKE Tunnel Table

Object

Object ID

Description

jnxIkeTunnelMonTable

jnxIpSecFlowMonPhaseOne 2

The IPsec Phase 1 IKE Tunnel Table. There is one entry in this table for each active IPsec Phase 1 IKE tunnel.

jnxIkeTunnelMonEntry

jnxIkeTunnelMonTable 1

Attributes associated with an active IPsec Phase 1 IKE tunnel.

Sequence of attributes:

  • jnxIkeTunMonRemoteGwAddrType
  • jnxIkeTunMonRemoteGwAddr
  • jnxIkeTunMonIndex
  • jnxIkeTunMonLocalGwAddrType
  • jnxIkeTunMonLocalGwAddr
  • jnxIkeTunMonState
  • jnxIkeTunMonInitiatorCookie
  • jnxIkeTunMonResponderCookie
  • jnxIkeTunMonLocalRole
  • jnxIkeTunMonLocalIdType
  • jnxIkeTunMonLocalIdValue
  • jnxIkeTunMonLocalCertName
  • jnxIkeTunMonRemoteIdType
  • jnxIkeTunMonRemoteIdValue
  • jnxIkeTunMonNegoMode
  • jnxIkeTunMonDiffHellmanGrp (not supported in this release)
  • jnxIkeTunMonEncryptAlgo
  • jnxIkeTunMonHashAlgo
  • jnxIkeTunMonAuthMethod
  • jnxIkeTunMonLifeTime
  • jnxIkeTunMonActiveTime
  • jnxIkeTunMonInOctets
  • jnxIkeTunMonInPkts
  • jnxIkeTunMonOutOctets
  • jnxIkeTunMonOutPkts
  • jnxIkeTunMonXAuthUserId
  • jnxIkeTunMonDPDDownCount

jnxIkeTunMonRemoteGwAddrType

jnxIkeTunnelMonEntry 1

IP address type of remote gateway (endpoint) for the IPsec Phase 1 IKE tunnel.

jnxJsFwAuthClientIpAddr

jnxJsAuthTrapVars 4

IP address of remote gateway (endpoint) for the IPsec Phase 1 IKE tunnel.

jnxIkeTunMonIndex

jnxIkeTunnelMonEntry 3

Index number of IPsec Phase 1 IKE Tunnel Table. The index number begins at 1 and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.

jnxIkeTunMonLocalGwAddr

jnxIkeTunnelMonEntry 4

IP address of local endpoint (gateway) for the IPsec Phase 1 IKE tunnel.

jnxIkeTunMonLocalGwAddrType

jnxIkeTunnelMonEntry 5

IP address type of local endpoint (gateway) for the IPsec Phase 1 IKE tunnel.

jnxIkeTunMonState

jnxIkeTunnelMonEntry 6

State of IKE tunnel. It can be:

  • 1—up, negotiation completed.
  • 2—down, being negotiated.

jnxIkeTunMonInitiatorCookie

jnxIkeTunnelMonEntry 7

Cookie as generated by peer that initiated the IKE Phase 1 negotiation. This cookie is carried in the ISAKMP header.

jnxIkeTunMonResponderCookie

jnxIkeTunnelMonEntry 8

Cookie as generated by peer responding to the IKE Phase 1 negotiation initiated by the remote peer. This cookie is carried in the ISAKMP header.

jnxIkeTunMonLocalRole

jnxIkeTunnelMonEntry 9

Role of local peer identity. The role of the local peer can be:

  • Initiator
  • Responder

jnxIkeTunMonLocalIdType

jnxIkeTunnelMonEntry 10

Type of local peer identity. The local peer can be identified by:

  • IP address.
  • Fully qualified domain name string.
  • Distinguished name string.

jnxIkeTunMonLocalIdValue

jnxIkeTunnelMonEntry 11

Value of local peer identity.

If the local peer type is an IP address, then this is the IP address used to identify the local peer.

If the local peer type is a fully qualified domain name string, then this is the fully qualified domain name string of the local peer.

If the local peer type is a distinguished name string, then this is the distinguished name string of the local peer.

jnxIkeTunMonLocalCertName

jnxIkeTunnelMonEntry 12

Name of certificate used for authentication of the local tunnel endpoint. This object has some valid value only if the negotiated IKE authentication method is other than preshared key. If the IKE negotiation does not use a certificate-based authentication method, then the value of this object is a NULL string.

jnxIkeTunMonRemoteIdType

jnxIkeTunnelMonEntry 13

Type of remote peer identity. The remote peer can be identified by:

  • IP address.
  • Fully qualified domain name string.
  • Distinguished name string.

jnxIkeTunMonRemoteIdValue

jnxIkeTunnelMonEntry 14

Value of remote peer identity.

If the remote peer type is an IP address, then this is the IP address used to identify the remote peer.

If the remote peer type is a fully qualified domain name string, then this is the fully qualified domain name string of the remote peer.

If the remote peer type is a distinguished name string, then this is the distinguished name string of the remote peer.

jnxIkeTunMonNegoMode

jnxIkeTunnelMonEntry 15

Negotiation mode of IPsec Phase 1 IKE tunnel.

Note: The jnxIkeTunMonDiffHellmanGrp object is not supported in this release.

jnxIkeTunMonDiffHellmanGrp

jnxIkeTunnelMonEntry 16

Diffie-Hellman Group used in IPsec Phase 1 IKE negotiations.

jnxIkeTunMonEncryptAlgo

jnxIkeTunnelMonEntry 17

Encryption algorithm used in IPsec Phase 1 IKE negotiations.

jnxIkeTunMonHashAlgo

jnxIkeTunnelMonEntry 18

Hash algorithm used in IPsec Phase 1 IKE negotiations.

jnxIkeTunMonAuthMethod

jnxIkeTunnelMonEntry 19

Authentication method used in IPsec Phase 1 IKE negotiations.

jnxIkeTunMonLifeTime

jnxIkeTunnelMonEntry 20

Negotiated lifetime of IPsec Phase 1 IKE tunnel in seconds.

jnxIkeTunMonActiveTime

jnxIkeTunnelMonEntry 21

Length of time IPsec Phase 1 IKE tunnel has been active in hundredths of seconds.

jnxIkeTunMonInOctets

jnxIkeTunnelMonEntry 22

Total number of octets received by this IPsec Phase 1 IKE SA.

jnxIkeTunMonInPkts

jnxIkeTunnelMonEntry 23

Total number of packets received by this IPsec Phase 1 IKE SA.

jnxIkeTunMonOutOctets

jnxIkeTunnelMonEntry 24

Total number of octets sent by this IPsec Phase 1 IKE SA.

jnxIkeTunMonOutPkts

jnxIkeTunnelMonEntry 25

Total number of packets sent by this IPsec Phase 1 IKE SA.

jnxIkeTunMonXAuthUserId

jnxIkeTunnelMonEntry 26

Extended Authentication (XAuth) User Identifier. Identifies the user associated with this IPsec Phase 1 negotiation.

jnxIkeTunMonDPDDownCount

jnxIkeTunnelMonEntry 27

Number of times that the remote peer is detected in a dead (or down) state.


Published: 2010-04-27

[an error occurred while processing this directive]