Index |
A unique index for this entry. |
State |
The current state of the security association
Possible values:
alive(1), -- The SA is alive and will eventually be rekeyed
expired(2), -- The SA is expired and will not be rekeyed
delete (3) -- mark this sa for deletion. Enumerations: - alive (1)
- expired (2)
- delete (3)
|
Creator |
This object specifies how the SA was created
Possible values:
manual(1), -- A manually keyed IPSec SA
ike(2) -- An automatically keyed SA created by IKE. Enumerations: |
Dir |
This object specifies whether the SA is used for inbound or
outbound processing.
Possible values:
inbound(1), -- An inbound security association
outbound(2) -- An outbound security association. Enumerations: |
Mode |
This object specifies whether the SA is in tunnel or
transport mode.
Possible values:
tunnel(1), -- A tunnel mode SA
transport(2) -- A transport mode SA. Enumerations: |
SecProto |
This object specifies the security protocol applied by this SA.
Possible values:
esp(50), -- Encapsulating Security Payload
ah(51), -- Authentication Header
ipcomp(108) -- Internet Payload Compression Protocol. Enumerations: - esp (50)
- ah (51)
- ipcomp (108)
|
LocalIp |
The local IP address of the outer packet header. For
transport mode SAs, this address is the same as the
ipsecSaSrcAddress. |
PeerIp |
The destination IP address of the outer packet
header. For transport mode SAs, this address is the
same as the ipsecSaDstAddress. |
SrcAddress |
The address of the source network this SA covers (if the
SrcRange field is nonzero, this is the first address of a
range of addresses). |
SrcMaskLen |
The mask length of the source network this SA covers
(only meaningful, if the SrcRange field is zero). |
SrcRange |
The last address of a range of source addresses (starting with
SrcAddress) this SA covers. Overrides SrcMaskLen. |
DstAddress |
The address of the destination network this SA covers (if the
DstRange field is nonzero, this is the first address of a
range of addresses). |
DstMaskLen |
The mask length of the destination network this SA covers
(only meaningful, if the DstRange field is zero). |
DstRange |
The last address of a range of destination addresses (starting
with DstAddress) this SA covers. Overrides DstMaskLen. |
Spi |
The Security Parameters Index of this SA. |
AuthAlg |
The hash algorithm used, if any.
Possible Values:
none(2), -- No hash algorithm applied
md5-96(4), -- The MD5 hash algorithm
sha1-96(6) -- The Secure Hash Algorithm. Enumerations: - none (2)
- md5-96 (4)
- sha1-96 (6)
|
EncAlg |
The encryption algorithm used, if any.
Possible Values:
none(1), -- No encryption applied
des-cbc(2), -- DES in CBC mode
des3-cbc(3), -- Triple DES in CBC mode
blowfish-cbc(4), -- Blowfish in CBC mode
cast128-cbc(5), -- CAST with 128 bit key in CBC mode
twofish-cbc(6), -- Twofish in CBC mode
rijndael-cbc(7) -- Rijndael in CBC mode. Enumerations: - none (1)
- des-cbc (2)
- des3-cbc (3)
- blowfish-cbc (4)
- cast128-cbc (5)
- twofish-cbc (6)
- rijndael-cbc (7)
|
CompAlg |
The compression algorithm used, if any.
Possible Values:
none(1), -- No compression
deflate(2) -- DEFLATE compression algorithm. Enumerations: |
AuthKeyLen |
The length of the key used for authentication, if any. |
EncKeyLen |
The length of the key used for encryption, if any. |
LifeSeconds |
The period in seconds after which this SA will be destroyed. |
LifeKBytes |
The amount of data allowed to be protected by this SA
until it is destroyed. |
Proto |
The protocol this SA covers. Enumerations: - icmp (1)
- igmp (2)
- ggp (3)
- ipip (4)
- st (5)
- tcp (6)
- cbt (7)
- egp (8)
- igp (9)
- bbn (10)
- nvp (11)
- pup (12)
- argus (13)
- emcon (14)
- xnet (15)
- chaos (16)
- udp (17)
- mux (18)
- dcn (19)
- hmp (20)
- prm (21)
- xns (22)
- trunk1 (23)
- trunk2 (24)
- leaf1 (25)
- leaf2 (26)
- rdp (27)
- irtp (28)
- isotp4 (29)
- netblt (30)
- mfe (31)
- merit (32)
- sep (33)
- pc3 (34)
- idpr (35)
- xtp (36)
- ddp (37)
- idprc (38)
- tp (39)
- il (40)
- ipv6 (41)
- sdrp (42)
- ipv6route (43)
- ipv6frag (44)
- idrp (45)
- rsvp (46)
- gre (47)
- mhrp (48)
- bna (49)
- esp (50)
- ah (51)
- inlsp (52)
- swipe (53)
- narp (54)
- mobile (55)
- tlsp (56)
- skip (57)
- ipv6icmp (58)
- ipv6nonxt (59)
- ipv6opts (60)
- ipproto-61 (61)
- cftp (62)
- local (63)
- sat (64)
- kryptolan (65)
- rvd (66)
- ippc (67)
- distfs (68)
- satmon (69)
- visa (70)
- ipcv (71)
- cpnx (72)
- cphb (73)
- wsn (74)
- pvp (75)
- brsatmon (76)
- sunnd (77)
- wbmon (78)
- wbexpak (79)
- isoip (80)
- vmtp (81)
- securevmtp (82)
- vines (83)
- ttp (84)
- nsfnet (85)
- dgp (86)
- tcf (87)
- eigrp (88)
- ospfigp (89)
- sprite (90)
- larp (91)
- mtp (92)
- ax25 (93)
- ipwip (94)
- micp (95)
- scc (96)
- etherip (97)
- encap (98)
- encrypt (99)
- gmtp (100)
- ifmp (101)
- pnni (102)
- pim (103)
- aris (104)
- scps (105)
- qnx (106)
- an (107)
- ippcp (108)
- snp (109)
- compaq (110)
- ipxip (111)
- vrrp (112)
- pgm (113)
- hop0 (114)
- l2tp (115)
- ipproto-116 (116)
- ipproto-117 (117)
- ipproto-118 (118)
- ipproto-119 (119)
- ipproto-120 (120)
- ipproto-121 (121)
- ipproto-122 (122)
- ipproto-123 (123)
- ipproto-124 (124)
- ipproto-125 (125)
- ipproto-126 (126)
- ipproto-127 (127)
- ipproto-128 (128)
- ipproto-129 (129)
- ipproto-130 (130)
- ipproto-131 (131)
- ipproto-132 (132)
- ipproto-133 (133)
- ipproto-134 (134)
- ipproto-135 (135)
- ipproto-136 (136)
- ipproto-137 (137)
- ipproto-138 (138)
- ipproto-139 (139)
- ipproto-140 (140)
- ipproto-141 (141)
- ipproto-142 (142)
- ipproto-143 (143)
- ipproto-144 (144)
- ipproto-145 (145)
- ipproto-146 (146)
- ipproto-147 (147)
- ipproto-148 (148)
- ipproto-149 (149)
- ipproto-150 (150)
- ipproto-151 (151)
- ipproto-152 (152)
- ipproto-153 (153)
- ipproto-154 (154)
- ipproto-155 (155)
- ipproto-156 (156)
- ipproto-157 (157)
- ipproto-158 (158)
- ipproto-159 (159)
- ipproto-160 (160)
- ipproto-161 (161)
- ipproto-162 (162)
- ipproto-163 (163)
- ipproto-164 (164)
- ipproto-165 (165)
- ipproto-166 (166)
- ipproto-167 (167)
- ipproto-168 (168)
- ipproto-169 (169)
- ipproto-170 (170)
- ipproto-171 (171)
- ipproto-172 (172)
- ipproto-173 (173)
- ipproto-174 (174)
- ipproto-175 (175)
- ipproto-176 (176)
- ipproto-177 (177)
- ipproto-178 (178)
- ipproto-179 (179)
- ipproto-180 (180)
- ipproto-181 (181)
- ipproto-182 (182)
- ipproto-183 (183)
- ipproto-184 (184)
- ipproto-185 (185)
- ipproto-186 (186)
- ipproto-187 (187)
- ipproto-188 (188)
- ipproto-189 (189)
- ipproto-190 (190)
- ipproto-191 (191)
- ipproto-192 (192)
- ipproto-193 (193)
- ipproto-194 (194)
- ipproto-195 (195)
- ipproto-196 (196)
- ipproto-197 (197)
- ipproto-198 (198)
- ipproto-199 (199)
- ipproto-200 (200)
- ipproto-201 (201)
- ipproto-202 (202)
- ipproto-203 (203)
- ipproto-204 (204)
- ipproto-205 (205)
- ipproto-206 (206)
- ipproto-207 (207)
- ipproto-208 (208)
- ipproto-209 (209)
- ipproto-210 (210)
- ipproto-211 (211)
- ipproto-212 (212)
- ipproto-213 (213)
- ipproto-214 (214)
- ipproto-215 (215)
- ipproto-216 (216)
- ipproto-217 (217)
- ipproto-218 (218)
- ipproto-219 (219)
- ipproto-220 (220)
- ipproto-221 (221)
- ipproto-222 (222)
- ipproto-223 (223)
- ipproto-224 (224)
- ipproto-225 (225)
- ipproto-226 (226)
- ipproto-227 (227)
- ipproto-228 (228)
- ipproto-229 (229)
- ipproto-230 (230)
- ipproto-231 (231)
- ipproto-232 (232)
- ipproto-233 (233)
- ipproto-234 (234)
- ipproto-235 (235)
- ipproto-236 (236)
- ipproto-237 (237)
- ipproto-238 (238)
- ipproto-239 (239)
- ipproto-240 (240)
- ipproto-241 (241)
- ipproto-242 (242)
- ipproto-243 (243)
- ipproto-244 (244)
- ipproto-245 (245)
- ipproto-246 (246)
- ipproto-247 (247)
- ipproto-248 (248)
- ipproto-249 (249)
- ipproto-250 (250)
- ipproto-251 (251)
- ipproto-252 (252)
- ipproto-253 (253)
- ipproto-254 (254)
- dont-verify (255)
|
SrcPort |
The source port this SA covers, 0 for any. |
DstPort |
The destination port this SA covers, 0 for any. |
Seconds |
The number of seconds since this SA was created. |
Bytes |
The amount of data in kilobytes protected by this SA. |
Packets |
The number of packets protected by this SA. |
ReplayErrors |
The number of replayed packets detected for this SA. |
RecvErrors |
The number of receive errors (replayed packets not counted)
detected for this SA. |
DecryptErrors |
The number of decryption errors (ESP only) detected for
this SA. |
PeerIndex |
The index of the peer for which this SA was created. |
TrafficIndex |
The index of the traffic entry for which this SA was created. |
Heartbeats |
The number of heartbeats received / sent by this SA. |
Bundle |
unique id of SA-bundle within this SA is used. |
BundleNesting |
place of SA within SA-Bundle. |
BundleFlag |
true(1) SA completes whole SA-bundle
false(2) more SAs follow (SA-bundle is incomplete) Enumerations: |