
Enhancements to IPsec/VPN

Release Note

Table 49: Modified parameters in output of the show isakmp counter=general command

Parameter               Meaning
----------------------  ----------------------------------------------------------
badSpiRequests          The number of bad SPI requests that IPsec generated and
                        sent to ISAKMP. These occur when an IPsec policy has the
                        parameter respondbadspi set to true and packets
                        processed by that policy have an unknown SPI value. If
                        ISAKMP accepts the request, it establishes a new ISAKMP
                        SA to the sending peer, then sends an initial contact
                        notification message.

badSpiFromKnownPeer     The number of bad SPI response requests rejected because
                        an ISAKMP SA for the sending peer already existed. This
                        ensures that an established tunnel is not destroyed.

badSpiInAggrMode        The number of bad SPI requests rejected because the
                        ISAKMP policy is configured to use aggressive mode for
                        phase 1 exchanges. Bad SPI requests can only generate
                        notification messages when the policy specifies main mode
                        for phase 1 exchanges.

badSpiSendNotifyUnset   The number of bad SPI requests rejected because the
                        ISAKMP policy was not configured to send notification
                        messages.

retryIkeAttemptsPh1     The number of phase 1 exchanges initiated due to an
                        exchange failing. These exchanges are only initiated for
                        policies configured with retryikeattempts.

retryIkeAttemptsPh2     The number of phase 2 exchanges initiated due to an
                        exchange failing. These exchanges are only initiated for
                        policies configured with retryikeattempts.

Figure 59: Example output from the show isakmp counter=spd command

ISAKMP Policy Counters

  getPolicyGood             0
  getPolicyFailed           1
  deletePolicyGood          0
  deletePolicyFailed        0
  addPolicyGood             0
  addPolicyFailed           0
  getPolicyByPeerGood       0
  getPolicyByPeerFailed     0
  usePolIkeRetryGood        0
  usePolIkeRetryFailed      0

Table 50: Modified parameters in output of the show isakmp counter=spd command

Parameter               Meaning
----------------------  ----------------------------------------------------------
usePolIkeRetryGood      The number of times IKE exchange retry was used by a
                        policy to retry a failed IKE exchange.

usePolIkeRetryFailed    The number of times IKE exchange retry could not be used
                        for a policy, because the policy had exceeded its retry
                        limits. The retry limits are set using the
                        retryikeattempts parameter.
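
Added example (not part of the release note or Allied Telesis code): a Python sketch that compares two saved snapshots of counter output and reports which of the counters from Tables 49 and 50 moved, with the documented meaning. It assumes each counter name and its value appear on the same line, and the BEFORE and AFTER snapshots are constructed sample data.

```python
import re

# Meanings condensed from Tables 49 and 50 of this release note.
MEANING = {
    "badSpiRequests": "IPsec passed unknown-SPI packets to ISAKMP (respondbadspi=true)",
    "badSpiFromKnownPeer": "rejected, ISAKMP SA to the peer already exists",
    "badSpiInAggrMode": "rejected, policy uses aggressive mode for phase 1",
    "badSpiSendNotifyUnset": "rejected, policy not configured to send notifications",
    "retryIkeAttemptsPh1": "phase 1 exchange re-initiated after a failure",
    "retryIkeAttemptsPh2": "phase 2 exchange re-initiated after a failure",
    "usePolIkeRetryGood": "policy retried a failed IKE exchange",
    "usePolIkeRetryFailed": "policy exceeded its retryikeattempts limit",
}

def parse_counters(text):
    """Map counter name -> value for every 'name <integer>' pair on a line."""
    pairs = re.findall(r"\b([A-Za-z][A-Za-z0-9]*)[ \t]+(\d+)\b", text)
    return {name: int(value) for name, value in pairs}

def counter_deltas(before, after):
    """Increase per counter between two snapshots; a drop is treated as a reset."""
    old, new = parse_counters(before), parse_counters(after)
    deltas = {}
    for name, value in new.items():
        prev = old.get(name, 0)
        grew = value - prev if value >= prev else value  # counter was reset
        if grew:
            deltas[name] = grew
    return deltas

def triage(before, after):
    """One line per documented counter that moved, most active first."""
    moved = counter_deltas(before, after)
    hits = sorted(((d, n) for n, d in moved.items() if n in MEANING), reverse=True)
    return [f"{n} +{d}: {MEANING[n]}" for d, n in hits]

# Constructed sample snapshots (not captured from a device).
BEFORE = """badSpiRequests 4  badSpiFromKnownPeer 4
badSpiInAggrMode 0  badSpiSendNotifyUnset 0
retryIkeAttemptsPh1 9  usePolIkeRetryFailed 0"""
AFTER = """badSpiRequests 10  badSpiFromKnownPeer 4
badSpiInAggrMode 6  badSpiSendNotifyUnset 0
retryIkeAttemptsPh1 2  usePolIkeRetryFailed 1"""

if __name__ == "__main__":
    print("\n".join(triage(BEFORE, AFTER)))
```

In the sample, badSpiRequests and badSpiInAggrMode rise together, which per Table 49 means the bad SPI requests are being rejected because the policy uses aggressive mode, so no notification is sent to the peer.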

 

 

Software Version 2.8.1 C613-10477-00 REV B

Allied Telesis AT-9800, RAPIER I, X900-48FE, AT-8900, AT-8700XL, AT-9900, AT-8600 manual