Sequence number
Sequence number of the IPsec policy entry.

Mode
Negotiation mode used by the IPsec policy:
• Manual
• ISAKMP
• Template
• GDOI

Tunnel id
IPsec tunnel ID.

Encapsulation mode
Encapsulation mode, transport or tunnel.

Perfect Forward Secrecy
Perfect Forward Secrecy (PFS) used by the IPsec policy for negotiation:
• 768-bit Diffie-Hellman group (dh-group1)
• 1024-bit Diffie-Hellman group (dh-group2)
• 1536-bit Diffie-Hellman group (dh-group5)
• 2048-bit Diffie-Hellman group (dh-group14)
• 2048-bit and 256-bit subgroup Diffie-Hellman group (dh-group24)
• 256-bit ECP Diffie-Hellman group (dh-group19)
• 384-bit ECP Diffie-Hellman group (dh-group20)

Extended Sequence Numbers enable
Whether Extended Sequence Number (ESN) is enabled.

Traffic Flow Confidentiality enable
Whether Traffic Flow Confidentiality (TFC) padding is enabled.

Inside VPN
VPN instance to which the protected data flow belongs.

Path MTU
Path MTU of the IPsec SA.

Tunnel
Local and remote addresses of the IPsec tunnel.
This field is not displayed if the negotiation mode is GDOI.

local address
Local end IP address of the IPsec tunnel.

remote address
Remote end IP address of the IPsec tunnel.

Flow
Information about the data flow protected by the IPsec tunnel.

sour addr
Source IP address of the data flow.

dest addr
Destination IP address of the data flow.

port
Port number.

protocol
Protocol type:
• ip—IPv4.
• ipv6—IPv6.

Current outbound SPI
SPI that the outbound IPsec SA currently uses.
This field is displayed when the negotiation mode is GDOI.

SPI
SPI of the IPsec SA.

Connection ID
Identifier of the IPsec SA.

Transform set
Security protocol and algorithms used by the IPsec transform set.

SA duration (kilobytes/sec)
IPsec SA lifetime, in kilobytes or seconds.

SA remaining duration (kilobytes/sec)
Remaining IPsec SA lifetime, in kilobytes or seconds.

Max received sequence-number
Max sequence number in the received packets.