Juniper Networks J-Series Network Router User Manual


 
Table 74: Summary of Key IPSec Output Fields (continued)

| Field | Values |
|---|---|
| Exchange Type | Type of IKE exchange. The IKE exchange type determines the number of messages in the exchange and the payload types contained in each message. Each exchange type provides a particular set of security services, such as anonymity of the participants, perfect forward secrecy of the keying material, and authentication of the participants. J-series Services Routers support the following types of IKE exchanges. Main: IKE exchange is done with six messages. The Main exchange type encrypts the payload, protecting the identity of the neighbor. Aggressive: IKE exchange is done with three messages. The Aggressive exchange type does not encrypt the payload, leaving the identity of the neighbor unprotected. |
| Role | Role of the router in the IKE exchange: Initiator or Responder. |
| Authentication Method | Method used for IKE authentication. The type of authentication determines which payloads are exchanged and when they are exchanged. J-series Services Routers support only the pre-shared keys authentication type. |
| Local Address | Prefix and port number of the local tunnel endpoint. |
| Remote Address | Prefix and port number of the remote tunnel endpoint. |
| Lifetime | Number of seconds remaining until the IKE security association expires. |
| Algorithm Authentication | Type of authentication algorithm used for the security association: md5 or sha1. |
| Algorithm Encryption | Type of encryption algorithm used for the security association: des-cbc, 3des-cbc, or None. |
| Algorithm PRF | The pseudorandom function that generates highly unpredictable random numbers: hmac-md5 or hmac-sha1. |
| Input Bytes | Number of bytes received on the IKE security association. |
| Output Bytes | Number of bytes transmitted on the IKE security association. |
| Input Packets | Number of packets received on the IKE security association. |
| Output Packets | Number of packets transmitted on the IKE security association. |
| IPSec Security Associations | Number of IPSec security associations that have been created and deleted on the router. Only security associations whose negotiations are complete are listed. When a security association is taken down, it is listed as a deleted security association. |
| Phase 2 Negotiations in Progress | Number of phase 2 IKE negotiations in progress. |
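The following is an added example, not taken from the Juniper guide: it audits IKE security association values named in the table above and reports settings worth reviewing, such as the Aggressive exchange type that leaves the neighbor's identity unprotected. The one-pair-per-line input layout, the sample addresses, and the names `parse_sas`, `audit` and `RISKY` are assumptions made for illustration; real router output is laid out differently and needs its own parser.

```python
import re

# Constructed sample: one "Field: value" pair per line, using the table's
# field names. This layout is an assumption, not real router output.
SAMPLE_SAS = """\
Remote Address: 192.0.2.10:500
Exchange Type: Aggressive
Algorithm Authentication: md5
Algorithm Encryption: des-cbc

Remote Address: 198.51.100.7:500
Exchange Type: Main
Algorithm Authentication: sha1
Algorithm Encryption: 3des-cbc
"""

# (field, lower-cased value) -> reason. The Aggressive and None entries follow
# the table's own wording; the des-cbc and md5 entries are the editor's judgment.
RISKY = {
    ("Exchange Type", "aggressive"): "neighbor identity is not encrypted",
    ("Algorithm Encryption", "none"): "security association has no encryption",
    ("Algorithm Encryption", "des-cbc"): "56-bit DES key is too short",
    ("Algorithm Authentication", "md5"): "weaker of the two listed hashes",
}

def parse_sas(text):
    """Split blank-line-separated blocks into {field: value} dicts."""
    sas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        sas.append({f.strip(): v.strip() for f, sep, v in pairs if sep})
    return sas

def audit(sas):
    """Return (remote address, field, value, reason) for each risky setting."""
    findings = []
    for sa in sas:
        for (field, bad), reason in RISKY.items():
            value = sa.get(field, "")
            if value.lower() == bad:
                findings.append((sa.get("Remote Address", "?"), field, value, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_sas(SAMPLE_SAS)):
        print(*finding, sep=" | ")
```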
Monitoring NAT Pools
NAT pool information includes information about the address ranges configured
within the pool on the Services Router. To view NAT pool information, select
Monitor>NAT in the J-Web interface, or enter the following CLI show command:
142 Using the Monitoring Tools
J-series Services Router Administration Guide