
Monitoring NAT Pools – Juniper Networks J-Series User Manual


Table 74: Summary of Key IPSec Output Fields (continued)

Field: Exchange Type
Values: Type of IKE exchange. The IKE exchange type determines the number of messages in the exchange
and the payload types contained in each message. Each exchange type provides a particular set of
security services, such as anonymity of the participants, perfect forward secrecy of the keying
material, and authentication of the participants. J-series Services Routers support the following types
of IKE exchanges:
  Main: IKE exchange is done with six messages. The Main exchange type encrypts the payload,
  protecting the identity of the neighbor.
  Aggressive: IKE exchange is done with three messages. The Aggressive exchange type does not
  encrypt the payload, leaving the identity of the neighbor unprotected.

Field: Role
Values: Role of the router in the IKE exchange: Initiator or Responder.

Field: Authentication Method
Values: Method used for IKE authentication. The type of authentication determines which payloads are
exchanged and when they are exchanged. J-series Services Routers support only the pre-shared keys
authentication type.

Field: Local Address
Values: Prefix and port number of the local tunnel endpoint.

Field: Remote Address
Values: Prefix and port number of the remote tunnel endpoint.

Field: Lifetime
Values: Number of seconds remaining until the IKE security association expires.

Field: Algorithm Authentication
Values: Type of authentication algorithm used for the security association: md5 or sha1.

Field: Algorithm Encryption
Values: Type of encryption algorithm used for the security association: des-cbc, 3des-cbc, or None.

Field: Algorithm PRF
Values: The pseudorandom function that generates highly unpredictable random numbers: hmac-md5 or
hmac-sha1.

Field: Input Bytes
Values: Number of bytes received on the IKE security association.

Field: Output Bytes
Values: Number of bytes transmitted on the IKE security association.

Field: Input Packets
Values: Number of packets received on the IKE security association.

Field: Output Packets
Values: Number of packets transmitted on the IKE security association.

Field: IPSec Security Associations
Values: Number of IPSec security associations that have been created and deleted on the router. Only security
associations whose negotiations are complete are listed. When a security association is taken down,
it is listed as a deleted security association.

Field: Phase 2 Negotiations in Progress
Values: Number of phase 2 IKE negotiations in progress.

Monitoring NAT Pools

NAT pool information includes information about the address ranges configured
within the pool on the Services Router. To view NAT pool information, select
Monitor>NAT in the J-Web interface, or enter the following CLI show command:


Using the Monitoring Tools

J-series™ Services Router Administration Guide