JUNIPER-IPSEC-FLOW-MON-MIB Download

jnxIkeNumOfTunnels

Number of IKE Tunnels (phase-1) actively negotiating between peers. The SA can be in either the up or down state. This attribute should detail the number of IKE tunnels in jnxIkeTunnelMonTable.

jnxIkeTunnelMonTable

The IPsec Phase-1 Internet Key Exchange Tunnel Table. There is one entry in this table for each active IPsec Phase-1 IKE Tunnel.

jnxIkeTunnelMonEntry

Each entry contains the attributes associated with an active IPsec Phase-1 IKE Tunnel.

jnxIkeTunMonRemoteGwAddrType

The IP address type of the remote gateway (endpoint) for the IPsec Phase-1 IKE Tunnel.

jnxIkeTunMonRemoteGwAddr

The IP address of the remote gateway (endpoint) for the IPsec Phase-1 IKE Tunnel.

jnxIkeTunMonIndex

The index of the IPsec Phase-1 IKE Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.

jnxIkeTunMonLocalGwAddr

The IP address of the local endpoint (gateway) for the IPsec Phase-1 IKE Tunnel.

jnxIkeTunMonLocalGwAddrType

The IP address type of the local endpoint (gateway) for the IPsec Phase-1 IKE Tunnel.

jnxIkeTunMonState

The state of the IKE tunnel, It can be: 1. up - negotiation completed 2. down- being negotiated

jnxIkeTunMonInitiatorCookie

Cookie as generated by the peer that initiated the IKE Phase-1 negotiation. This cookie is carried in the ISAKMP header.

jnxIkeTunMonResponderCookie

Cookie as generated by the peer responding to the IKE Phase-1 negotiation initiated by the remote peer. This cookie is carried in the ISAKMP header.

jnxIkeTunMonLocalRole

The role of local peer identity. The Role of the local peer can be: 1. initiator. 2. or responder.

jnxIkeTunMonLocalIdType

The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name string. 3. or a distinguished name string.

jnxIkeTunMonLocalIdValue

The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id_fqdn, then this is the FQDN of the remote peer. If the local peer type is a id_dn, the ...

jnxIkeTunMonLocalCertName

Name of the certificate used for authentication of the local tunnel endpoint. This object will have some valid value only if negotiated IKE authentication method is other than pre-saherd key. If the IKE negotiation do not use certificate based authenticat ...

jnxIkeTunMonRemoteIdType

The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name string. 3. or a distinguished name string.

jnxIkeTunMonRemoteIdValue

The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id_fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id_dn ...

jnxIkeTunMonNegoMode

The negotiation mode of the IPsec Phase-1 IKE Tunnel.

jnxIkeTunMonDiffHellmanGrp

The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations.

jnxIkeTunMonEncryptAlgo

The encryption algorithm used in IPsec Phase-1 IKE negotiations.

jnxIkeTunMonHashAlgo

The hash algorithm used in IPsec Phase-1 IKE negotiations.

jnxIkeTunMonAuthMethod

The authentication method used in IPsec Phase-1 IKE negotiations.

jnxIkeTunMonLifeTime

The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds.

jnxIkeTunMonActiveTime

The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds.

jnxIkeTunMonInOctets

The total number of octets received by this IPsec Phase-1 IKE security association.

jnxIkeTunMonInPkts

The total number of packets received by this IPsec Phase-1 IKE security association.

jnxIkeTunMonOutOctets

The total number of octets sent by this IPsec Phase-1 IKE security association.

jnxIkeTunMonOutPkts

The total number of packets sent by this IPsec Phase-1 IKE security association.

jnxIkeTunMonXAuthUserId

The extended Authentication (XAuth) User Identifier, identifies the user associated with this IPSec Phase negotiation.

jnxIkeTunMonDPDDownCount

The number of times that the remote peer is detected in a dead (or down) state. This attribute is obsolete

jnxIpSecNumOfTunnels

Number of IPSEC VPN Tunnels. This attribute should detail the number of IPSEC VPN tunnel in jnxIpSecTunnelTable.

jnxIpSecTunnelMonTable

The IPsec Phase-2 Tunnel Table. There is one entry in this table for each active IPsec Phase-2 Tunnel. If the tunnel is terminated, then the entry is no longer available after the table has been refreshed.

jnxIpSecTunnelMonEntry

Each entry contains the attributes associated with an active IPsec Phase-2 Tunnel.

jnxIpSecTunMonRemoteGwAddrType

The IP address type of the remote gateway (endpoint) for the IPsec Phase-2 Tunnel.

jnxIpSecTunMonRemoteGwAddr

The IP address of the remote gateway (endpoint) for the IPsec Phase-2 Tunnel.

jnxIpSecTunMonIndex

The index of the IPsec Phase-2 Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.

jnxIpSecTunMonLocalGwAddrType

The IP address type of the local gateway (endpoint) for the IPsec Phase-2 Tunnel.

jnxIpSecTunMonLocalGwAddr

The IP address of the local gateway (endpoint) for the IPsec Phase-2 Tunnel.

jnxIpSecTunMonLocalProxyId

Identifier for the local end.

jnxIpSecTunMonRemoteProxyId

Identifier for the remote end.

jnxIpSecTunMonKeyType

The type of key used by the IPsec Phase-2 Tunnel. It can be one of the following two types: - IKE negotiated - Manually installed

jnxIpSecTunMonRemotePeerType

The type of the remote peer gateway (endpoint). It can be one of the following two types: - static (Remote peer whose IP address is known beforehand) - dynamic (Remote peer whose IP address is not known beforehand)

jnxIpSecTunMonOutEncryptedBytes

Number of bytes encrypted by this Phase-2 tunnel.

jnxIpSecTunMonOutEncryptedPkts

Number of packets encrypted by this Phase-2 tunnel.

jnxIpSecTunMonInDecryptedBytes

Number of bytes decrypted by this Phase-2 tunnel.

jnxIpSecTunMonInDecryptedPkts

Number of packets decrypted by this Phase-2 tunnel.

jnxIpSecTunMonAHInBytes

Number of incoming bytes authenticated using AH by this Phase-2 tunnel.

jnxIpSecTunMonAHInPkts

Number of incoming packets authenticated using AH by this Phase-2 tunnel.

jnxIpSecTunMonAHOutBytes

Number of outgoing bytes applied AH by this Phase-2 tunnel.

jnxIpSecTunMonAHOutPkts

Number of outgoing packets applied AH by this Phase-2 tunnel.

jnxIpSecTunMonReplayDropPkts

Number of packets dropped by this Phase-2 tunnel due to anti replay check failure.

jnxIpSecTunMonAhAuthFails

Number of packets received by this Phase-2 tunnel that failed AH authentication.

jnxIpSecTunMonEspAuthFails

Number of packets received by this Phase-2 tunnel that failed ESP authentication.

jnxIpSecTunMonDecryptFails

Number of packets received by this Phase-2 tunnel that failed decryption.

jnxIpSecTunMonBadHeaders

Number of packets received by this Phase-2 tunnel that failed due to bad headers.

jnxIpSecTunMonBadTrailers

Number of packets received by this Phase-2 tunnel that failed due to bad ESP trailers.

jnxIpSecTunMonDroppedPkts

Total number of dropped packets for this Phase-2 tunnel. This attribute is obsolete.

jnxIpSecSaMonTable

The IPsec Phase-2 Security Association Table. This table identifies the structure (in terms of component SAs) of each active Phase-2 IPsec tunnel. This table contains an entry for each active and expiring security association and maps each entry in the ac ...

jnxIpSecSaMonIndex

The index, in the context of the IPsec tunnel ipSecTunIndex, of the security association represented by this table entry. The value of this index is a number which begins at one and is incremented with each SPI associated with an IPsec Phase-2 Tunnel. Th ...

jnxIpSecSaMonProtocol

The index, represents the security protocol (AH, ESP or IPComp) for which this security association was setup.

jnxIpSecSaMonInSpi

The value of the incoming SPI.

jnxIpSecSaMonOutSpi

The value of the outgoing SPI.

jnxIpSecSaMonType

This field represents the type of security associations which can be either manual or dynamic

jnxIpSecSaMonEncapMode

The encapsulation mode used by an IPsec Phase-2 Tunnel.

jnxIpSecSaMonLifeSize

The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.

jnxIpSecSaMonLifeTime

The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds.

jnxIpSecSaMonActiveTime

The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.

jnxIpSecSaMonLifeSizeThreshold

The security association LifeSize refresh threshold in kilobytes.

jnxIpSecSaMonLifeTimeThreshold

The security association LifeTime refresh threshold in seconds.

jnxIpSecSaMonEncryptAlgo

The Encryption algorithm used to encrypt the packets which can be either es-cbc or 3des-cbc.

jnxIpSecSaMonAuthAlgo

The algorithm used for authentication of packets which can be hmac-md5-96 or hmac-sha1-96 or hmac-sha-256-128

jnxIpSecSaMonState

This column represents the status of the security association represented by this table entry. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association tr ...