Table 8-16IPsec statistics

Message

Description

 

 

Fragmentation Errors

Number of fragmented packets that cannot be reassembled.

 

 

ESP MAC Errors

Number of encapsulating security payload (ESP) MAC errors. MAC is used to verify

 

that the received message is the same as the one sent.

 

 

AH MAC Errors

Number of authentication header (AH) MAC errors. MAC is used to verify that the

 

message received is the same as the one sent.

 

 

Replay Errors

Number of replay attacks, where unauthorized packets are resent.

 

 

Drop Rule

Number of dropped packets based on the IPsec rule (set to drop all non-IPsec traffic).

 

Client notification of dropped packets is not provided.

 

 

Reject Rule

Number of rejected IPsec packets. Client notification of rejected packets is provided

 

through ICMP error messages.

 

 

No Rule

Number of received packets for which an IPsec policy rule is not configured.

 

 

Generic Drops

Number of dropped packets that are not counted by other statistics.

 

 

ESP (Rx/Tx):

Total number of ESP packets received (Rx) and transmitted (Tx) by the print server.

 

 

AH (Rx/Tx)

Total number of AH packets received (Rx) and transmitted (Tx) by the print server.

 

 

Total (Rx/Tx)

Total number of all packets received (Rx) and transmitted (Tx) by the print server.

 

 

IKE Stats

Internet key exchange (IKE) statistics for the print server are described in the following table.

Table 8-17IKE Statistics

Message

Description

 

 

Phase 1 Failures

Number of authentication failures that occur when the print server is establishing a

 

connection over IPsec. These result in connection failures.

 

 

Quick Mode Failures

Number of post-authentication failures that occur during IPsec protocol configuration,

 

which result in connection failures.

 

 

Rekeys

Number of times keys were regenerated. For example, this can occur after a key

 

lifetime setting is exceeded and then regenerated.

 

 

IKE Connections OK (1/Q)

Number of successful IPsec connections for both Phase 1 and Quick Mode attempts,

 

separated by a slash (Phase 1 count / Quick Mode count).

 

 

IPsec Rules

This section of the Security page identifies the IPsec policy of the print server. The IPsec policy consists of rules that control the security of the traffic received and transmitted by the print server. Rules are configured with an IPsec configuration wizard, which is accessed from the HP Embedded Web Server. You can configure up to ten rules.

The heading of this section indicates the default rule for IPsec traffic (Def: Pass or Drop)

Pass Allow all non-IPsec traffic.

Drop Drop all non-IPsec traffic.

ENWW

HP Jetdirect Security page 163