Monitor IPsec VPN
You are here: Monitor > Network > IPsec VPN.
Use the monitoring functionality to view information about IKE, IPsec configuration, security associations (SAs), and statistics in a tabular format with sortable columns. A VPN provides a means by which remote computers communicate securely across a public WAN such as the Internet. IPsec VPN is a protocol that consists of a set of standards used to establish a VPN connection.
Table 1 describes the fields on the IPsec VPN page.
| Field | Description |
|---|---|
| IPsec Statistics list menu | Displays a summary of the global IPsec VPN statistics or the statistics of the selected IPsec VPN. |
| Clear SA list menu | Displays the options Clear All SAs or Clear Selected SA to clear SAs. If you choose Clear All SAs, then you can select Clear All IKE SAs, Clear All IPsec SAs, or Clear All IKE & IPsec SAs. If you choose Clear Selected SAs, then you can select Clear Selected IKE SA, Clear Selected IPsec SA, or Clear Selected IKE & IPsec SA. |
| Refresh icon | Click the refresh icon to get the latest operational data. Note: The configuration data is fetched from cache. Any changes made through the CLI are fetched only after you commit them and click Monitor > Network > IPsec VPN to refresh the page and get the latest configuration data. |
| Search | You can search and filter by either the remote gateway or the VPN name. |
| Remote Gateway | Displays the gateway name of the remote system. |
| IKE Status | Displays whether IKE is up or down. |
| Local IP | Displays the external interface, IP address, and port of the local peer so that its remote peer can communicate with it. |
| Remote IP | Displays the IP address and port of the remote peer. Note: The remote IP is displayed only when IKE is up. |
| VPN Name | Displays the IPsec VPN name. |
| TS/Proxy ID Status | Displays the information and status (up or down) of the traffic selector or proxy ID negotiated between the peers. |
| Connection Profile | Displays the connection profile in the FQDN or FQDN/realm format if configured. If not configured, the field displays as external-IP/VPN-Name. |
| IPsec Soft Life | Displays the soft lifetime (in seconds), which informs the IPsec key management system that the SA is about to expire. |
| IKE Index | Displays the index number for a particular IKE SA. |
| IPsec Index | Displays the index number for a particular IPsec SA. |
| Topology | Displays the topology deployment for an IPsec VPN. For example: Site to Site/Hub & Spoke or Remote Access VPN. |
| IKE Proposal | Lists the algorithms negotiated with the remote peer. |
| IPsec Proposal | Lists the protocols and algorithms negotiated with the remote peer. |
| Authentication Type | Displays whether preshared-key or certificate-based authentication is used by the virtual private network (VPN). |
| DPD | Displays the dead peer detection (DPD) method used by devices to verify the current existence and availability of IPsec peers. |
| Role | Displays whether the device is an initiator or a responder. |
| IKE Initiator Cookie | Random number, called a cookie, which is sent to the remote node when the IKE negotiation is triggered. |
| IKE Responder Cookie | Random number generated by the remote node and sent back to the initiator as verification that the packets were received. |
| IKE Life | Lifetime (in seconds) of an IKE SA. Range: 180 through 86,400. Default is 3600. |
| Mode | Negotiation method agreed upon by the two IPsec endpoints, or peers, used to exchange information. Each exchange type determines the number of messages and the payload types that each message contains. The modes or exchange types are: |
| Peer IKE-ID | Displays the IKE IDs for the local or remote devices. |
| Remote Access | Displays the remote access URL. Note: This option is applicable only for the remote access VPN with Juniper Secure Connect (JSC). |
| Remote User | Displays the remote IKE identity to exchange with the destination peer to establish communication. |
| DNS | Displays the IP addresses of the primary and secondary DNS servers. |
| WINS | Displays the IP addresses of the primary and secondary WINS servers. |
| Inbound SPI | Displays the security parameter index (SPI) value used to authenticate incoming traffic from the peer. |
| Outbound SPI | Displays algorithms, keys, or SPI values to decrypt and to authenticate outbound traffic to the peer. |
| IPsec Hard Life | Displays the number of seconds until the SA expires. |
| IPsec Lifesize | Displays the remaining lifesize, which specifies the usage limit in kilobytes. If no lifesize is specified, it shows unlimited. |