
Juniper NFX250 - Page 224

Juniper NFX250
230 pages
Table 29: show security ipsec sa detail Output Fields (continued)

Field Name
    Field Description

Hard lifetime
    The hard lifetime specifies the lifetime of the SA.
      Expires in seconds - Number of seconds left until the SA expires.

Lifesize Remaining
    The lifesize remaining specifies the usage limits in kilobytes. If there is no lifesize specified, it shows unlimited.

Soft lifetime
    The soft lifetime informs the IPsec key management system that the SA is about to expire. Each lifetime of an SA has two display options, hard and soft, one of which must be present for a dynamic SA. This allows the key management system to negotiate a new SA before the hard lifetime expires.
      Expires in seconds - Number of seconds left until the SA expires.

Mode
    Mode of the SA:
      transport - Protects host-to-host connections.
      tunnel - Protects connections between security gateways.

Type
    Type of the SA:
      manual - Security parameters require no negotiation. They are static and are configured by the user.
      dynamic - Security parameters are negotiated by the IKE protocol. Dynamic SAs are not supported in transport mode.

State
    State of the SA:
      Installed - The SA is installed in the SA database.
      Not Installed - The SA is not installed in the SA database.
    For transport mode, the value of State is always Installed.

Protocol
    Protocol supported.
      Transport mode supports Encapsulation Security Protocol (ESP) and Authentication Header (AH).
      Tunnel mode supports ESP and AH.
      Authentication - Type of authentication used.
      Encryption - Type of encryption used.

Anti-replay service
    State of the service that prevents packets from being replayed. It can be Enabled or Disabled.

Replay window size
    Configured size of the antireplay service window. It can be 32 or 64 packets. If the replay window size is 0, the antireplay service is disabled.
    The antireplay window size protects the receiver against replay attacks by rejecting old or duplicate packets.
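
The window check described under Replay window size, as an added example that is not taken from the Juniper manual or from Junos: a bitmap sliding window in the style of RFC 4303, run with sizes 64, 32 and 0. The class and function names and the sample sequence numbers are constructed for illustration.

```python
class ReplayWindow:
    """Receiver-side anti-replay window for one SA (hypothetical names)."""

    def __init__(self, size):
        # The table gives 32 or 64 packets; 0 disables the service.
        if size not in (0, 32, 64):
            raise ValueError("window size must be 0, 32 or 64")
        self.size = size
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq):
        """Classify one packet; call only after its integrity check passes."""
        if self.size == 0:
            return "accept"  # service disabled: replays are not detected
        if seq < 1:
            return "invalid"  # ESP/AH sequence numbers start at 1
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1  # jump past the whole window: history is gone
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "too-old"  # left of the window: rejected as old
        if self.bitmap & (1 << offset):
            return "duplicate"  # inside the window and already seen
        self.bitmap |= 1 << offset  # late but new: accept and remember it
        return "accept"


def classify(size, seqs):
    """Run a list of sequence numbers through a fresh window of `size`."""
    window = ReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]


# Constructed arrival order: reordering, duplicates and one late packet.
SAMPLE = [1, 2, 5, 3, 5, 70, 40, 30, 40]

if __name__ == "__main__":
    for size in (64, 32, 0):
        print(size, classify(size, SAMPLE))
```

With this input the 32-packet window rejects sequence number 30 as too old where the 64-packet window accepts it, and a size of 0 accepts both duplicates.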
Copyright © 2017, Juniper Networks, Inc.
JDM User Guide for NFX250 Network Services Platform
