eG Monitoring
 
Measures reported by IkeGlobTunstatTest

Tunneling makes it possible to use a public TCP/IP network, such as the Internet, to create secure connections between remote users and a private corporate network. Each secure connection is called a tunnel. The adaptive security appliance uses the ISAKMP and IPsec tunneling standards to build and manage tunnels. ISAKMP and IPsec accomplish the following:

  • Negotiate tunnel parameters
  • Establish tunnels
  • Authenticate users and data
  • Manage security keys
  • Encrypt and decrypt data
  • Manage data transfer across the tunnel
  • Manage data transfer inbound and outbound as a tunnel endpoint or router

The adaptive security appliance functions as a bidirectional tunnel endpoint. It can receive plain packets from the private network, encapsulate them, create a tunnel, and send them to the other end of the tunnel where they are unencapsulated and sent to their final destination. It can also receive encapsulated packets from the public network, unencapsulate them, and send them to their final destination on the private network.

This test measures the level of traffic to and from the IKE global tunnels.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Active_Tunnels | Indicates the number of IPsec Phase-1 IKE Tunnels that are currently active | Number | IKE (Internet Key Exchange), also called ISAKMP, is the negotiation protocol that lets two hosts agree on how to build an IPsec security association. ISAKMP separates negotiation into two phases: Phase 1 and Phase 2. Phase 1 creates the first tunnel, which protects later ISAKMP negotiation messages. This measure reports the number of such tunnels that are currently active. |
| In_Packets | Indicates the number of packets received by all IPsec Phase-1 IKE tunnels | Number | |
| Out_Packets | Indicates the number of packets sent by all IPsec Phase-1 IKE tunnels | Number | |
| Drop_In_Packets | Indicates the number of packets that were dropped by all IPsec Phase-1 IKE tunnels while receiving data | Number | Ideally, this value should be low. |
| Drop_Out_Packets | Indicates the number of packets that were dropped by all IPsec Phase-1 IKE tunnels while sending data | Number | Ideally, this value should be low. |
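
One way to turn "this value should be low" into a check is to compare dropped packets against traffic between two polls. The sketch below is an added example, not eG code: it assumes the five measures are cumulative 32-bit counters, that dropped packets are not included in In_Packets or Out_Packets, and a 1% threshold; the `Sample` type, function names and sample readings are all constructed for illustration.

```python
from dataclasses import dataclass

COUNTER_MAX = 2 ** 32      # assumption: counters wrap at 32 bits
DROP_RATIO_LIMIT = 0.01    # assumption: illustrative threshold, tune per site


@dataclass
class Sample:
    """One poll of the five measures in the table above."""
    active_tunnels: int
    in_packets: int
    out_packets: int
    drop_in_packets: int
    drop_out_packets: int


def delta(prev: int, curr: int) -> int:
    """Growth between two cumulative readings, tolerating a single wrap."""
    return curr - prev if curr >= prev else curr + COUNTER_MAX - prev


def drop_ratio(dropped: int, passed: int) -> float:
    """Share of packets dropped in the interval; 0.0 when there was no traffic."""
    total = dropped + passed
    return dropped / total if total else 0.0


def evaluate(prev: Sample, curr: Sample, limit: float = DROP_RATIO_LIMIT) -> list:
    """Return human-readable findings for the interval between two polls."""
    findings = []
    for direction, passed_attr, drop_attr in (
        ("inbound", "in_packets", "drop_in_packets"),
        ("outbound", "out_packets", "drop_out_packets"),
    ):
        passed = delta(getattr(prev, passed_attr), getattr(curr, passed_attr))
        dropped = delta(getattr(prev, drop_attr), getattr(curr, drop_attr))
        ratio = drop_ratio(dropped, passed)
        if ratio > limit:
            findings.append(f"{direction} drop ratio {ratio:.1%} exceeds {limit:.1%}")
    if prev.active_tunnels > 0 and curr.active_tunnels == 0:
        findings.append("all Phase-1 tunnels went down")
    return findings


# Constructed readings: In_Packets wraps past 2**32 between the two polls.
PREV = Sample(4, 4294967000, 120000, 10, 5)
CURR = Sample(4, 704, 121000, 60, 5)

if __name__ == "__main__":
    print(evaluate(PREV, CURR))
```

Judging drops as a ratio per interval avoids alerting on a large raw counter that simply reflects a long uptime.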