IPSec provides a secure tunnel between two networked peer controllers or service platforms. Administrators can define which packets are sent within the tunnel, and how they are protected. When a tunnelled peer sees a sensitive packet, it creates a secure tunnel and sends the packet through the tunnel to its remote peer destination.
Use the IPSec VPN screen to assess the tunnel status between networked peers.
To view IPSec VPN status for tunneled peers:
Peer |
Lists IP addresses for peers sharing SAs for tunnel interoperability. When a peer sees a sensitive packet, it creates a secure tunnel and sends the packet through the tunnel to its destination. |
Local IP Address |
Displays each listed peer's local tunnel end point IP address. This address represents an alternative to an interface IP address. |
Protocol |
Lists the security protocol used with the VPN IPSec tunnel connection. SAs are unidirectional, existing in each direction and established per security protocol. Options include ESP and AH. |
State |
Lists the state of each listed peer's security association. |
SPI In |
Lists SPI (stateful packet inspection) status for incoming IPSec tunnel packets. SPI tracks each connection traversing the IPSec VPN tunnel and ensures they are valid. |
SPI Out |
Lists SPI status for outgoing IPSec tunnel packets. SPI tracks each connection traversing the IPSec VPN tunnel and ensures they are valid. |
Mode |
Displays the IKE mode as either Main or Aggressive. IPSec has two modes in IKEv1 for key exchanges. The Aggressive mode requires three messages be exchanged between the IPSEC peers to setup the SA. The Main mode requires six messages. |