Viewing ipsec tunnel details – H3C Technologies H3C Intelligent Management Center User Manual

Viewing IPsec tunnel details

You can view detailed information only for IPsec tunnels in Ready state.
To view IPsec tunnel details:

1. Click the Service tab.

2. From the navigation tree, select IPsec VPN Manager > IPsec Resources > IPsec Tunnels.
   The Active Tunnels tab displays all the IPsec tunnels in the Tunnel List.

3. Click the name of the IPsec tunnel whose detailed information you want to view.
   The Tunnel Details page appears.

Tunnel Details contents

- Local Device—Local end device name of the IPsec tunnel.
- Local IP—Local end IP address of the IPsec tunnel.
- Remote Device Name—Remote end device name of the IPsec tunnel. For a BIMS device, this field displays the device IP address.
- Remote IP—Remote end IP address of the IPsec tunnel.
- Tunnel Status—State of the tunnel when IVM last polled the tunnel end device.
- Initiator—Initiator of the IPsec tunnel, Local or Remote.
- Key Negotiation—Key exchange mode used to establish the IPsec tunnel: Manual or IKE.
- Encapsulation Mode—Packet encapsulation mode of the IPsec tunnel: Transport or Tunnel.
- Active SAs—Number of active SAs associated with the IPsec tunnel.
- SA Refresh Count—Number of times the SAs associated with the tunnels have been refreshed. An SA refresh occurs when the time-based or traffic-based lifetime timer of the SA expires.
- SA Remaining Life (sec)—Remaining time-based lifetime of the SA, in seconds. IKE negotiates a new SA when the timer expires.
- SA Lifetime (sec)—Time duration for which the SA has been valid, in seconds.
- SA Remaining Traffic (KB)—Remaining traffic-based lifetime of the SA, in kilobytes. IKE negotiates a new SA when the lifetime timer expires.
- SA Life Traffic (KB)—Amount of traffic the SA has processed, in kilobytes.
- DH Group—DH parameters exchanged for shared key calculation in phase-1 IKE negotiation.

SA List

- SA Direction—Direction of the IPsec SA. An SA is unidirectional. At least two SAs are needed to protect data flows in bidirectional communication. If two peers want to use both AH and ESP to protect data flows between them, they construct an independent SA for each protocol in each direction.
- SPI—Security parameter index (SPI) of the IPsec SA. An SPI is a 32-bit number that uniquely identifies an SA. It is transmitted in the AH/ESP header. The SPI of IKE created IPsec SAs is automatically generated, and that of manually created IPsec SAs must be manually specified.
- Security Protocols—Security protocol used to establish the IPsec SA.
- Encryption—Encryption algorithm used to establish the IPsec SA.
- Authentication—Authentication algorithm used to establish the IPsec SA.
- SA Status—State of the IPsec SA when IVM last polled the device.
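
The SA Direction and SPI fields above can be cross-checked against captured traffic. The following Python parser is an added example, not part of the H3C manual or of IVM: it reads the SPI from the AH and ESP headers of IPv4 packets and shows that one bidirectional AH+ESP flow maps to four independent SAs. The peer addresses, SPI values, and helper names are assumptions constructed for the illustration.

```python
import struct
from ipaddress import IPv4Address

ESP, AH = 50, 51  # IP protocol numbers for ESP (RFC 4303) and AH (RFC 4302)

def sas_in_packet(pkt: bytes):
    """Return (src, dst, protocol, SPI) for each AH/ESP header in one IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return []                                  # not IPv4, or truncated
    off, proto = (pkt[0] & 0x0F) * 4, pkt[9]       # IP header length, payload protocol
    src, dst = str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20]))
    found = []
    if proto == AH and len(pkt) >= off + 12:
        # AH: next header(1), payload len(1), reserved(2), SPI(4), sequence(4), ICV
        found.append((src, dst, "AH", struct.unpack_from("!I", pkt, off + 4)[0]))
        proto, off = pkt[off], off + (pkt[off + 1] + 2) * 4
    if proto == ESP and len(pkt) >= off + 8:
        # ESP: the SPI is the first 32 bits, followed by the sequence number
        found.append((src, dst, "ESP", struct.unpack_from("!I", pkt, off)[0]))
    return found

def observed_sas(packets):
    """Collapse packets into the set of distinct unidirectional SAs they use."""
    return {sa for pkt in packets for sa in sas_in_packet(pkt)}

# --- constructed sample traffic (hypothetical peers and SPIs, checksums left at 0) ---
def make_ipv4(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def make_esp(spi, seq):
    return struct.pack("!II", spi, seq) + bytes(16)   # zero bytes stand in for ciphertext

def make_ah(spi, seq, inner):
    # 12 fixed bytes + 12-byte ICV = 6 words, so Payload Len = 6 - 2 = 4
    return struct.pack("!BBHII", ESP, 4, 0, spi, seq) + bytes(12) + inner

A, B = "192.0.2.1", "198.51.100.1"
SAMPLE = [
    make_ipv4(A, B, AH, make_ah(0x1001, 1, make_esp(0x2001, 1))),  # A -> B, AH over ESP
    make_ipv4(A, B, AH, make_ah(0x1001, 2, make_esp(0x2001, 2))),  # same SAs, next sequence
    make_ipv4(B, A, AH, make_ah(0x1002, 1, make_esp(0x2002, 1))),  # B -> A has its own SAs
]

if __name__ == "__main__":
    for src, dst, proto, spi in sorted(observed_sas(SAMPLE)):
        print(f"{src} -> {dst}  {proto:3}  SPI=0x{spi:08x}")
```

An SPI seen on the wire that has no matching row in the SA List for that direction and protocol is worth investigating, bearing in mind that IVM shows the state as of its last poll.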
