eG Monitoring
 

Measures reported by WgSaStatisticsTest

In Internet Protocol Security (IPSec), a security association is the set of settings that establish the policy and encryption keys used to protect communication between two endpoints in a Virtual Private Network (VPN). Security associations are negotiated between two computers during the first phase of establishing an Internet Key Exchange (IKE) connection. These security associations establish shared session secrets from which keys are derived for encryption of tunneled data.

This test monitors the security association of the firewall and reports the exact number of data packets that were transmitted/received through protocols such as ESP, Authentication Header (AH) and IPComp, which are part of IPSec. Administrators can use these statistics to identify the protocol that is transmitting/receiving the maximum number of data packets and direct the packet traffic accordingly.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| ESP_total_inbound | Indicates the amount of data that was received through the ESP protocol. | Number | ESP (Encapsulating Security Payload) provides authentication and encryption of data. ESP takes the original payload of a data packet and replaces it with encrypted data. It adds integrity checks to make sure that the data is not altered in transit, and that the data came from the proper source. |
| ESP_total_outbound | Indicates the amount of data that was transmitted through the ESP protocol. | Number | |
| AH_total_inbound | Indicates the amount of data that was received through the AH protocol. | Number | AH (Authentication Header) is a protocol that you can use in manual VPN negotiations. To provide security, AH adds authentication information to the IP datagram. Most VPN tunnels do not use AH because it does not provide encryption. |
| AH_total_outbound | Indicates the amount of data that was transmitted through the AH protocol. | Number | |
| Ipcomp_total_inbound | Indicates the amount of data that was received through the IPComp protocol. | Number | In networking, IP Payload Compression Protocol (IPComp) is a low-level compression protocol for IP datagrams. The intent is to reduce the size of data transmitted over congested or slow network connections, thereby increasing the speed of such networks without losing data. According to the RFC requirements, compression must be done before fragmenting or encrypting the packet. The RFC further states that each datagram must be compressed independently so it can be decompressed even if received out of order. This is important because it allows IPComp to work with both TCP and UDP network communications. |
| ipcomp_total_outbound | Indicates the amount of data that was transmitted through the IPComp protocol. | Number | |
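
The following Python sketch is an added example, not part of the eG product or its documentation. It takes one set of the six measures above, works out which protocol carried the most traffic, and flags any AH traffic, since AH does not provide encryption. The function name `summarize`, the input dictionary layout and the sample values are assumptions made for illustration.

```python
# Added example: summarise one sample of the six WgSaStatisticsTest measures.
# Assumption: a sample is a dict of measure name -> value for one measurement period.

PROTOCOLS = ("ESP", "AH", "IPComp")

# Constructed sample values; only the measure names come from the table above.
SAMPLE = {
    "ESP_total_inbound": 9000, "ESP_total_outbound": 7000,
    "AH_total_inbound": 300, "AH_total_outbound": 100,
    "Ipcomp_total_inbound": 2000, "ipcomp_total_outbound": 1600,
}


def summarize(sample):
    """Return per-protocol totals, traffic shares, the busiest protocol and findings."""
    # The IPComp measures are spelled with mixed case, so match names case-insensitively.
    values = {name.lower(): int(value) for name, value in sample.items()}
    totals = {}
    for proto in PROTOCOLS:
        inbound = values.get(f"{proto.lower()}_total_inbound", 0)
        outbound = values.get(f"{proto.lower()}_total_outbound", 0)
        if inbound < 0 or outbound < 0:
            raise ValueError(f"negative value reported for {proto}")
        totals[proto] = {"inbound": inbound, "outbound": outbound,
                         "total": inbound + outbound}

    grand_total = sum(t["total"] for t in totals.values())
    shares = {p: (t["total"] / grand_total if grand_total else 0.0)
              for p, t in totals.items()}
    busiest = max(totals, key=lambda p: totals[p]["total"]) if grand_total else None

    findings = []
    if totals["AH"]["total"] > 0:
        # AH authenticates the datagram but does not encrypt it.
        findings.append("AH traffic present: authenticated but not encrypted")
    if grand_total == 0:
        findings.append("no IPSec traffic reported")
    return {"totals": totals, "shares": shares,
            "busiest": busiest, "findings": findings}


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for proto in PROTOCOLS:
        print(f"{proto:7s} total={report['totals'][proto]['total']:6d} "
              f"share={report['shares'][proto]:.1%}")
    print("busiest:", report["busiest"])
    print("findings:", report["findings"])
```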
