Technical Documentation

jnxIPSecTunnelTable

The IPsec phase 2 tunnel table jnxIPSecTunnelTable), whose object identifier is {jnxIPSecPhaseTwo 1}, is used to monitor the IPsec phase 2 tunnel attributes along with the statistics for the tunnel. There is one entry for each tunnel to the peer security gateway. This table does not contain information about IPsec security associations (SAs) because multiple SAs can be present for each tunnel.

Similar to the IKE tunnel table (jnxIkeTunnelTable), the key of this table is a combination of the service set name, remote gateway address, and the IPsec tunnel index. This table can be queried just like the IKE tunnel table.

To get only IPsec tunnels specific to a particular remote gateway in a service set, the SNMP manager can specify the corresponding service set name and the remote gateway address in the query.

The jnxIPSecTunnelEntry, whose object identifier is {jnxIPSecTunnelTable 1}, has 27 objects, which are listed in Table 1. Each entry contains attributes associated with an active IPsec phase 2 tunnel.

Table 1: jnxIPSecTunnelTable

Object

Object Identifier

Description

jnxIPSecTunIndex

jnxIPSecTunnelEntry 1

Index for the table. The value of the index is a number that begins at 1 and is incremented with each tunnel that is created. When the index number reaches 2,147,483,647 the value wraps back to 1.

jnxIPSecRuleName

jnxIPSecTunnelEntry 2

The name of the rule defined in the IPsec configuration.

jnxIPSecTermName

jnxIPSecTunnelEntry 3

The name of the term configured under the IPsec rule.

jnxIPSecTunLocalGwAddrType

jnxIPSecTunnelEntry 4

The IP address type of the local gateway (endpoint) for the IPsec phase 2 tunnel.

jnxIPSecTunLocalGwAddr

jnxIPSecTunnelEntry 5

The IP address of the local gateway (endpoint) for the IPsec phase 2 tunnel.

jnxIPSecTunRemoteGwAddrType

jnxIPSecTunnelEntry 6

The IP address type of the remote gateway (endpoint) for the IPsec phase 2 tunnel.

jnxIPSecTunRemoteGwAddr

jnxIPSecTunnelEntry 7

The IP address of the remote gateway (endpoint) for the IPsec phase 2 tunnel.

jnxIPSecTunLocalProxyId

jnxIPSecTunnelEntry 8

The identifier for the local endpoint.

jnxIPSecTunRemoteProxyId

jnxIPSecTunnelEntry 9

The identifier for the remote endpoint.

jnxIPSecTunKeyType

jnxIPSecTunnelEntry 10

The type of key used by the IPsec phase 2 tunnel. The key type can be IKE negotiated or Manually installed.

jnxIPSecRemotePeerType

jnxIPSecTunnelEntry 11

The type of the remote peer gateway (endpoint). If the remote peer’s IP address is known beforehand, the type is static. If the IP address is not known beforehand, the type is dynamic.

jnxIPSecTunMtu

jnxIPSecTunnelEntry 12

The maximum transmission unit (MTU) value of the IPsec phase 2 tunnel.

jnxIPSecTunOutEncryptedBytes

jnxIPSecTunnelEntry 13

The number of bytes encrypted by the IPsec phase 2 tunnel.

jnxIPSecTunOutEncryptedPkts

jnxIPSecTunnelEntry 14

The number of packets encrypted by the IPsec phase 2 tunnel.

jnxIPSecTunInDecryptedBytes

jnxIPSecTunnelEntry 15

The number of bytes decrypted by the IPsec phase 2 tunnel.

jnxIPSecTunInDecryptedPkts

jnxIPSecTunnelEntry 16

The number of packets decrypted by the IPsec phase 2 tunnel.

jnxIPSecTunAHInBytes

jnxIPSecTunnelEntry 17

The number of incoming bytes authenticated using the authentication header (AH) by the IPsec phase 2 tunnel.

jnxIPSecTunAHInPkts

jnxIPSecTunnelEntry 18

The number of incoming packets authenticated using the authentication header (AH) by the IPsec phase 2 tunnel.

jnxIPSecTunAHOutBytes

jnxIPSecTunnelEntry 19

The number of outgoing bytes on the IPsec phase 2 tunnel where the AH is applied.

jnxIPSecTunHAOutPkts

jnxIPSecTunnelEntry 20

The number of outgoing packets on the IPsec phase 2 tunnel where the AH is applied.

jnxIPSecTunReplayDropPkts

jnxIPSecTunnelEntry 21

The number of packets dropped by the IPsec phase 2 tunnel because of an anti-replay check failure.

jnxIPSecTunAhAuthFails

jnxIPSecTunnelEntry 22

The number of packets received by the IPsec phase 2 tunnel that failed AH authentication.

jnxIPSecTunEspAuthFails

jnxIPSecTunnelEntry 23

The number of packets received by this IPsec phase 2 tunnel that failed ESP authentication.

jnxIPSecTunDecryptFails

jnxIPSecTunnelEntry 24

The number of packets received by this IPsec phase 2 tunnel that failed decryption.

jnxIPSecTunBadHeaders

jnxIPSecTunnelEntry 25

The number of packets received by this IPsec phase 2 tunnel that failed because of bad headers.

jnxIPSecTunBadTrailers

jnxIPSecTunnelEntry 26

The number of packets received by this IPsec phase 2 tunnel that failed because of bad ESP trailers.

jnxIPSecTunDroppedPkts

jnxIPSecTunnelEntry 27

The total number of packets dropped from this IPsec phase 2 tunnel.


Published: 2010-04-27