Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Monitor VPN Phase II

You are here: Monitor > Statistics > Phase II.

Use this page to view IPsec statistics and information related to IPsec security associations.

Table 1 describes the fields on the Phase II page.

Table 1: Fields on the Phase II Page

Field

Description

Statistics

Refresh interval (sec)

Indicates the duration of time after which you want the data on the page to be refreshed.

Refresh

Click the refresh icon at the top right corner to display the fresh content.

Clear

Clears all the data on the display page.

IPsec Statistics

—Provides details of the IPsec statistics.

Counter

Displays the ESP (encrypted and decrypted bytes), AH (input and output), and errors statistics.

Value

Displays the values for the respective statistics.

IPsec SA
IPsec Security Associations

ID

Index number of the SA.

Gateway/Port

IP address of the remote gateway/port.

Algorithm

Cryptography scheme used to secure exchanges between peers during the IKE Phase II negotiations:

  • An authentication algorithm used to authenticate exchanges between the peers. Options are hmac-md5-95 or hmac-sha1-96.

SPI

Security parameter index (SPI) identifier. A SA is uniquely identified by an SPI. Each entry includes the name of the VPN, the remote gateway address, the SPIs for each direction, the encryption and authentication algorithms, and keys. The peer gateways each have two SAs, one resulting from each of the two phases of negotiation: Phase I and Phase II.

Life

The lifetime of the SA, after which it expires, expressed either in seconds or kilobytes.

Monitoring

Specifies if VPN-Liveliness Monitoring has been enabled/disabled. Enabled - ' U ', Disabled- '—'

Vsys

Specifies the root system.