Table 26: show security ike sa detail Output Fields
| Field Name | Field Description |
|---|---|
| IKE peer | IP address of the destination peer with which the local peer communicates. |
| Index | Index number of an SA. This number is an internally generated number you can use to display information about a single SA. |
| Gateway Name | Name of the IKE gateway. |
| Role | Part played in the IKE session. The device triggering the IKE negotiation is the initiator, and the device accepting the first IKE exchange packets is the responder. |
| State | State of the IKE SAs: • DOWN - SA has not been negotiated with the peer. • UP - SA has been negotiated with the peer. |
| Initiator cookie | Random number, called a cookie, which is sent to the remote node when the IKE negotiation is triggered. |
| Responder cookie | Random number generated by the remote node and sent back to the initiator as a verification that the packets were received. A cookie is aimed at protecting the computing resources from attack without spending excessive CPU resources to determine the cookie's authenticity. |
| Exchange type | Negotiation method agreed on by the two IPsec endpoints, or peers, used to exchange information between one another. Each exchange type or mode determines the number of messages and the payload types that are contained in each message. The modes are: • main - The exchange is done with six messages. This mode encrypts the payload, protecting the identity of the neighbor. • aggressive - The exchange is done with three messages. This mode does not encrypt the payload, leaving the identity of the neighbor unprotected. |
| Authentication method | Method used to authenticate the source of IKE messages, which can be either Pre-shared-keys or digital certificates, such as DSA-signatures, ECDSA-signatures-256, ECDSA-signatures-384, or RSA-signatures. |
| Local | Address of the local peer. |
| Remote | Address of the remote peer. |
| Lifetime | Number of seconds remaining until the IKE SA expires. |
| Reauth Lifetime | When enabled, number of seconds remaining until re-authentication triggers a new IKEv2 SA negotiation. |
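The following audit sketch is an added example, not part of the Juniper documentation. It parses saved `show security ike sa detail` text and reports SAs whose Exchange type is aggressive (peer identity unprotected) or whose State is not UP. The sample text is constructed, and its "Label: value" line layout and the function names `parse_sas` and `audit` are assumptions; only the field labels come from Table 26.

```python
# Constructed sample, not captured from a device. The line layout is an
# assumption; only the field labels are taken from Table 26.
SAMPLE = """\
IKE peer 192.0.2.10, Index 1001, Gateway Name: gw-branch
  Role: Initiator, State: UP
  Exchange type: Main, Authentication method: RSA-signatures
  Local: 198.51.100.1:500, Remote: 192.0.2.10:500
IKE peer 192.0.2.20, Index 1002, Gateway Name: gw-partner
  Role: Responder, State: UP
  Exchange type: Aggressive, Authentication method: Pre-shared-keys
IKE peer 192.0.2.30, Index 1003, Gateway Name: gw-lab
  Role: Initiator, State: DOWN
  Exchange type: Main, Authentication method: Pre-shared-keys
"""

def parse_sas(text):
    """Return one dict per SA, keyed by the Table 26 field names."""
    sas = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("IKE peer"):
            sas.append({})          # each SA record starts at its peer line
        if not line or not sas:
            continue                # skip blanks and anything before the first SA
        for part in line.split(", "):
            if ": " in part:        # "Label: value"
                key, _, value = part.partition(": ")
            else:                   # "IKE peer <addr>" / "Index <n>"
                key, _, value = part.rpartition(" ")
            sas[-1][key.strip()] = value.strip()
    return sas

def audit(sas):
    """Return (peer, finding) tuples for SAs that deserve a second look."""
    findings = []
    for sa in sas:
        peer = sa.get("IKE peer", "?")
        if sa.get("Exchange type", "").lower() == "aggressive":
            findings.append((peer, "aggressive exchange: peer identity unprotected"))
        if sa.get("State", "").upper() != "UP":
            findings.append((peer, "SA not negotiated with the peer"))
    return findings

if __name__ == "__main__":
    for peer, finding in audit(parse_sas(SAMPLE)):
        print(f"{peer}: {finding}")
```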
Copyright © 2017, Juniper Networks, Inc.
Chapter 9: IPSec-NM Configuration Statements and Operational Commands