
IPSec (Phase 2) Statistics, Active Tunnels, Total Tunnels – Cisco VPN 3002 User Manual

Page 208: Received bytes, Sent bytes, Received packets, Sent packets, Received packets dropped, Received packets dropped (anti-replay)


VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 13 Monitoring

Monitoring | Statistics | IPSec

IPSec (Phase 2) Statistics

This table provides IPSec Phase 2 global statistics. During IPSec Phase 2, the two peers negotiate
Security Associations that govern traffic within the tunnel.

Active Tunnels

The number of currently active IPSec Phase-2 tunnels.

Total Tunnels

The cumulative total of all currently and previously active IPSec Phase-2 tunnels.

Received Bytes

The cumulative total of bytes (octets) received by all currently and previously active IPSec Phase-2
tunnels, before decompression. In other words, total bytes of IPSec-only data received by the IPSec
subsystem, before decompressing the IPSec payload.

Sent Bytes

The cumulative total of bytes (octets) sent by all currently and previously active IPSec Phase-2 tunnels,
after compression. In other words, total bytes of IPSec-only data sent by the IPSec subsystem, after
compressing the IPSec payload.

Received Packets

The cumulative total of packets received by all currently and previously active IPSec Phase-2 tunnels.

Sent Packets

The cumulative total of packets sent by all currently and previously active IPSec Phase-2 tunnels.

Received Packets Dropped

The cumulative total of packets dropped during receive processing by all currently and previously active
IPSec Phase-2 tunnels, excluding packets dropped due to anti-replay processing. If there is a problem
with the content of a packet, the system drops the packet. This number should be zero or very small; if
not, check for misconfiguration.

Received Packets Dropped (Anti-Replay)

The cumulative total of packets dropped during receive processing due to anti-replay errors, by all
currently and previously active IPSec Phase-2 tunnels. If the sequence number of a packet is a duplicate
or out of bounds, there might be a faulty network or a security breach, and the system drops the packet.
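The duplicate and out-of-bounds cases above can be illustrated with a sliding-window sequence check of the kind the IPsec ESP specification (RFC 4303) describes. This is an added example, not code from the VPN 3002 or from Cisco; the 64-packet window, the names `ReplayWindow` and `replay_stats`, and the sample sequence numbers are assumptions made for illustration.

```python
from dataclasses import dataclass

WINDOW = 64  # assumed window size; the manual does not give the device's value
MASK = (1 << WINDOW) - 1


@dataclass
class ReplayWindow:
    """Receiver-side anti-replay state for one inbound Phase-2 SA."""
    highest: int = 0         # highest sequence number accepted so far
    bitmap: int = 0          # bit i set => sequence (highest - i) already seen
    accepted: int = 0
    dropped_replay: int = 0  # what an anti-replay drop counter would tally

    def check(self, seq: int) -> str:
        """Classify a packet that has already passed integrity verification."""
        if seq > self.highest:                    # newer: slide the window right
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) & MASK) | 1 if shift < WINDOW else 1
            self.highest = seq
        elif seq == 0 or self.highest - seq >= WINDOW:
            self.dropped_replay += 1              # left of the window (or invalid 0)
            return "out-of-bounds"
        elif self.bitmap & (1 << (self.highest - seq)):
            self.dropped_replay += 1              # same number seen before
            return "duplicate"
        else:
            self.bitmap |= 1 << (self.highest - seq)  # late but new: reordering
        self.accepted += 1
        return "accept"


def replay_stats(seqs):
    """Run a list of sequence numbers through one window; return verdicts and counters."""
    w = ReplayWindow()
    verdicts = [w.check(s) for s in seqs]
    return verdicts, w.accepted, w.dropped_replay


# Constructed sample: mild reordering, one repeat, a jump ahead, then stale packets.
SAMPLE = [1, 3, 2, 2, 100, 3, 37, 36, 0]

if __name__ == "__main__":
    for seq, verdict in zip(SAMPLE, replay_stats(SAMPLE)[0]):
        print(f"seq={seq:<4} {verdict}")
```

Mild reordering inside the window (sequence 2 arriving after 3) is accepted; only repeats and packets older than the window's left edge raise the drop count, which is why a steadily climbing anti-replay counter points to either heavy reordering or delay on the path, or to replayed traffic.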