Chapter 7: Monitoring the Router and Routing Operations

Table 74: Summary of Key IPSec Output Fields (continued)

Field

Values

Remote Gateway

Gateway address of the remote system.

Direction

Direction of the IPSec tunnel: Inbound or Outbound.

Protocol

Protocol supported: either Encapsulation Security Protocol (ESP) or Authentication Header and ESP

 

(AH+ESP).

Tunnel Index

Numeric identifier of the IPSec tunnel.

Tunnel Local Identity

Prefix and port number of the local endpoint of the IPSec tunnel.

Tunnel Remote

Prefix and port number of the remote endpoint of the IPSec tunnel.

Identity

 

IPSec Statistics

 

Service Set

Name of the service set for which the IPSec tunnel is defined.

Local Gateway

Gateway address of the local system.

Remote Gateway

Gateway address of the remote system.

ESP Encrypted Bytes

Total number of bytes encrypted by the local system across the IPSec tunnel.

ESP Decrypted Bytes

Total number of bytes decrypted by the local system across the IPSec tunnel.

AH Input Bytes

Total number of bytes received by the local system across the IPSec tunnel.

AH Output Bytes

Total number of bytes transmitted by the local system across the IPSec tunnel.

IKE Security

 

Remote Address

Responder's address.

State

State of the IKE security association:

 

Matured—IKE security association is established.

 

Not matured—IKE security association is in the process of negotiation.

Initiator Cookie

Random number sent to the remote node when the IKE negotiation is triggered. This number is

 

generated by means of an algorithm and information shared during the IKE negotiation. Cookies

 

provide a basic form of authenticity protection to help prevent denial-of-service (DoS) attacks.

Responder Cookie

Random number generated by the remote node when it receives the initiator cookie. The remote

 

node sends the cookie back to the IKE initiator as verification that the negotiation packets were

 

received.

Using the Monitoring Tools 141

Page 163
Image 163
Juniper Networks J-Series manual Ah+Esp, IPSec Statistics, IKE Security