IP address of the sending gateway – IP address of the receiving gateway.
l
The SPI (Security Parameter Index): "spi=169172253 (0x0a155d1d)". The SPI is identified
l
according to the direction of the SA displayed. As such, for an SA described in the direction
remote IP – local IP, the SPI indicated is the incoming SPI. It therefore allows identifying
incoming traffic.
The encryption method used: "E: 3des-cbd",
l
The authentication method used: "A: hmac-sha1",
l
The state of the tunnel: "state=mature". This state can be mature (the tunnel has been set up
l
correctly: the SA is available and usable), larval (the SA is being negotiated) or dying (the SA's
lifetime has expired and it will be renegotiated when the traffic requires it).
The date/time the tunnel was set up and the current date/time,
l
The number of bytes exchanged. current: 8840 (bytes).
l
Incident resolution - Common errors
If you have chosen to use authentication by certificate, please refer to the section "Incident
resolution - Common errors" in the tutorial "IPSec VPN – Authentication by certificate".
If you have opted for authentication by pre-shared key, please refer to the section "Incident
resolution - Common errors" in the tutorial "IPSec VPN – Authentication by pre-shared key".
Page 427/448
SNS - USER CONFIGURATION MANUAL V.3
HOW TO: IPSEC VPN - HUB AND SPOKE CONFIGURATION
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016