Table of Contents
Advertisement
Field
Tunnel id
Encapsulation mode
Perfect Forward Secrecy
Extended Sequence Numbers enable
Traffic Flow Confidentiality enable
Inside VPN
Path MTU
Tunnel
Transmitting entity
local address
remote address
Flow
sour addr
dest addr
port
protocol
SPI
Connection ID
Transform set
SA duration (kilobytes/sec)
SA remaining duration (kilobytes/sec)
Max received sequence-number
Max sent sequence-number
Anti-replay check enable
UDP encapsulation used for NAT
Description
IPsec tunnel ID.
Encapsulation mode, transport or tunnel.
Perfect Forward Secrecy (PFS) used by the IPsec policy for
negotiation:
•
768-bit Diffie-Hellman group (dh-group1).
•
1024-bit Diffie-Hellman group (dh-group2).
•
1536-bit Diffie-Hellman group (dh-group5).
•
2048-bit Diffie-Hellman group (dh-group14).
•
2048-bit and 256_bit subgroup Diffie-Hellman group
(dh-group24).
•
256-bit ECP Diffie-Hellman group (dh-group19).
•
384-bit ECP Diffie-Hellman group (dh-group20).
Whether Extended Sequence Number (ESN) is enabled.
Whether Traffic Flow Confidentiality (TFC) padding is enabled.
VPN instance to which the protected data flow belongs.
Path MTU of the IPsec SA.
Local and remote addresses of the IPsec tunnel.
Role of the IKE negotiation entity: Initiator or Responder.
Local end IP address of the IPsec tunnel.
Remote end IP address of the IPsec tunnel.
Information about the data flow protected by the IPsec tunnel.
Source IP address of the data flow.
Destination IP address of the data flow.
Port number.
Protocol type: ip or ipv6.
SPI of the IPsec SA.
Identifier of the IPsec SA.
Security protocol and algorithms used by the IPsec transform
set.
IPsec SA lifetime, in Kilobytes or seconds.
Remaining IPsec SA lifetime, in Kilobytes or seconds.
Max sequence number in the received packets.
Max sequence number in the sent packets.
Whether anti-replay checking is enabled.
Whether NAT traversal is used by the IPsec SA.
15
Advertisement
Chapters
Table of Contents
