Technical Documentation

IPsec Phase 2 IKE Tunnel Table

Table 1 identifies objects listed in the IPsec Phase 2 IKE Tunnel Table.

During this phase, IKE negotiates IPsec SA parameters and setup, matching IPsec SA in the peers.

Phase 2 VPN includes tunnel peer connection, associated with a specific policy or a tunnel interface. Phase 2 SA components include encryption and authentication algorithms, proxy-IDs, and optional DH group values.

Table 1: IPsec Phase 2 IKE Tunnel Table

Object

Object ID

Description

Note: The jnxIpSecNumOfTunnels object is not supported in this release.

jnxIpSecNumOfTunnels

jnxIpSecFlowMonPhaseTwo 1

Number of IPsec VPN tunnels. This attribute should report the number of IPsec VPN tunnels in jnxIpSecTunnelTable.

jnxIpSecTunnelMonTable

jnxIpSecFlowMonPhaseTwo 2

The IPsec Phase 2 Tunnel Table. There is one entry in this table for each active IPsec Phase 2 tunnel. If the tunnel is terminated, then the entry is no longer available after the table has been refreshed.

jnxIpSecTunnelMonEntry

jnxIpSecTunnelMonTable 1

Each entry contains the attributes associated with an active IPsec Phase 2 tunnel.

Sequence of attributes:

  • jnxIpSecTunMonRemoteGwAddrType
  • jnxIpSecTunMonRemoteGwAddr
  • jnxIpSecTunMonIndex
  • jnxIpSecTunMonLocalGwAddrType
  • jnxIpSecTunMonLocalGwAddr
  • jnxIpSecTunMonLocalProxyId
  • jnxIpSecTunMonRemoteProxyId
  • jnxIpSecTunMonKeyType
  • jnxIpSecTunMonRemotePeerType
  • jnxIpSecTunMonOutEncryptedBytes
  • jnxIpSecTunMonOutEncryptedPkts
  • jnxIpSecTunMonInDecryptedBytes
  • jnxIpSecTunMonInDecryptedPkts
  • jnxIpSecTunMonAHInBytes
  • jnxIpSecTunMonAHInPkts
  • jnxIpSecTunMonAHOutBytes
  • jnxIpSecTunMonAHOutPkts
  • jnxIpSecTunMonReplayDropPkts
  • jnxIpSecTunMonAhAuthFails
  • jnxIpSecTunMonDecryptFails
  • jnxIpSecTunMonBadHeaders
  • jnxIpSecTunMonBadTrailers
  • jnxIkeTunMonOutOctets
  • jnxIpSecTunMonDroppedPkts (not supported in this release)

jnxIpSecTunMonRemoteGwAddrType

jnxIpSecTunnelMonEntry 1

IP address type of remote gateway (endpoint) for the IPsec Phase 2 tunnel.

jnxIpSecTunMonRemoteGwAddr

jnxIpSecTunnelMonEntry 2

IP address of remote gateway (endpoint) for the IPsec Phase 2 tunnel.

jnxIpSecTunMonIndex

jnxIpSecTunnelMonEntry 3

Index number of IPsec Phase 2 Tunnel Table. The index number begins at 1 and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.

jnxIpSecTunMonLocalGwAddrType

jnxIpSecTunnelMonEntry 4

IP address type of local gateway (endpoint) for the IPsec Phase 2 tunnel.

jnxIpSecTunMonLocalGwAddr

jnxIpSecTunnelMonEntry 5

IP address of local gateway (endpoint) for the IPsec Phase 2 tunnel.

jnxIpSecTunMonLocalProxyId

jnxIpSecTunnelMonEntry 6

Identifier for local end.

jnxIpSecTunMonRemoteProxyId

jnxIpSecTunnelMonEntry 7

Identifier for remote end.

jnxIpSecTunMonKeyType

jnxIpSecTunnelMonEntry 8

Type of key used by IPsec Phase 2 tunnel. It can be one of the following two types:

  • IKE-negotiated
  • Manually installed

jnxIpSecTunMonRemotePeerType

jnxIpSecTunnelMonEntry 9

Type of the remote peer gateway (endpoint). It can be one of the following two types:

  • Static (remote peer whose IP address is known beforehand)
  • Dynamic (remote peer whose IP address is not known beforehand)

jnxIpSecTunMonOutEncryptedBytes

jnxIpSecTunnelMonEntry 10

Number of bytes encrypted by this Phase 2 tunnel.

jnxIpSecTunMonOutEncryptedPkts

jnxIpSecTunnelMonEntry 11

Number of packets encrypted by this Phase 2 tunnel.

jnxIpSecTunMonInDecryptedBytes

jnxIpSecTunnelMonEntry 12

Number of bytes decrypted by this Phase 2 tunnel.

jnxIpSecTunMonInDecryptedPkts

jnxIpSecTunnelMonEntry 13

Number of packets decrypted by this Phase 2 tunnel.

jnxIpSecTunMonAHInBytes

jnxIpSecTunnelMonEntry 14

Number of incoming bytes authenticated using AH by this Phase 2 tunnel.

jnxIpSecTunMonAHInPkts

jnxIpSecTunnelMonEntry 15

Number of incoming packets authenticated using AH by this Phase 2 tunnel.

jnxIpSecTunMonAHOutBytes

jnxIpSecTunnelMonEntry 16

Number of outgoing bytes applied AH by this Phase 2 tunnel.

jnxIpSecTunMonAHOutPkts

jnxIpSecTunnelMonEntry 17

Number of outgoing packets applied AH by this Phase 2 tunnel.

jnxIpSecTunMonReplayDropPkts

jnxIpSecTunnelMonEntry 18

Number of packets dropped by this Phase 2 tunnel due to antireplay check failure.

jnxIpSecTunMonAhAuthFails

jnxIpSecTunnelMonEntry 19

Number of packets received by this Phase 2 tunnel that failed AH authentication.

jnxIpSecTunMonEspAuthFails

jnxIpSecTunnelMonEntry 20

Number of packets received by this Phase 2 tunnel that failed ESP authentication.

jnxIpSecTunMonDecryptFails

jnxIpSecTunnelMonEntry 21

Number of packets received by this Phase 2 tunnel that failed decryption.

jnxIpSecTunMonBadHeaders

jnxIpSecTunnelMonEntry 22

Number of packets received by this Phase 2 tunnel that failed due to bad headers.

jnxIpSecTunMonBadTrailers

jnxIpSecTunnelMonEntry 23

Number of packets received by this Phase 2 tunnel that failed due to bad ESP trailers.

Note: The jnxIpSecTunMonDroppedPkts object is not supported in this release.

jnxIpSecTunMonDroppedPkts

jnxIpSecTunnelMonEntry 26

Total number of dropped packets for this Phase 2 tunnel.


Published: 2010-04-27