|
|
This section of the Manager shows statistics for traffic and activity on the VPN Concentrator since it was last booted or reset, and for current tunneled sessions, plus statistics in standard MIB-II objects for interfaces, TCP/UDP, IP, ICMP, and the ARP table.
This screen shows statistics for RADIUS user accounting activity on the VPN Concentrator since it was last booted or reset.
To configure the VPN Concentrator to communicate with RADIUS accounting servers, see the Configuration | System | Servers | Accounting screens.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The IP address of the configured RADIUS user accounting server, and the port number that the VPN Concentrator is using to access the server. Each configured accounting server is a row in this table. The well-known port number for RADIUS accounting is 1646.
The group on which the server is configured.
The number of accounting request packets sent to this RADIUS accounting server. This number does not include retransmissions.
The number of accounting request packets retransmitted to this RADIUS accounting server.
The number of accounting response packets received from this RADIUS accounting server.
The number of malformed accounting response packets received from this RADIUS accounting server. Malformed packets include packets with an invalid length. Bad authenticators are not included in this number.
The number of accounting response packets received from this server that contained invalid authenticators.
The number of accounting request packets sent to this RADIUS accounting server that have not yet timed out or received a response.
The number of accounting timeouts to this RADIUS server. After a timeout the system may retry the same server, send to a different server, or give up. Retrying the same server is counted as a retransmission as well as a timeout. Sending to a different server is counted as a request as well as a timeout.
The number of RADIUS packets of unknown type received from this server on the accounting port.
This screen shows statistics for address pool activity on the VPN Concentrator since it was last booted or reset. This data appears if the VPN Concentrator is configured to assign IP addresses to clients from an internal address pool.
To configure address pools, see the Configuration | System | Address Management screens.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The starting and ending IP addresses in the configured address pool. Each configured range is a row in the table.
The total number of IP addresses in this configured pool.
The number of IP addresses available (unassigned) in this pool.
The number of IP addresses currently assigned from this pool.
The maximum number of IP addresses assigned from this pool at any one time.
The names of configured groups.
The starting and ending IP addresses in the group's address pool. Each configured range is a row in the table.
The total number of IP addresses in the address pool of this group.
The number of IP addresses available (unassigned) in this group's pool.
The number of IP addresses currently assigned from this group's pool.
The maximum number of IP addresses assigned from this group's pool at any one time.
If you have configured a TACACS+ server, this screen shows statistics for communications between the VPN Concentrator and the TACACS+ server since the VPN Concentrator was last booted or reset.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The IP address of the TACACS+ server.
The number of requests for authentication, information, or authorization from the VPN Concentrator to the TACACS+ server.
The number of successful authentications.
The number of rejected authentications.
The number of requests that have not yet been answered.
The number of times the VPN Concentrator timed out waiting for a request.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
This screen shows statistics for user authentication activity on the VPN Concentrator since it was last booted or reset.
 |
Note Not all fields apply to all types of authentication servers. |
To configure the VPN Concentrator to communicate with authentication servers, see the Configuration | System | Servers | Authentication screens.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The IP address of the configured authentication server, and the port number that the VPN Concentrator is using to access the server. Each configured authentication server is a row in this table. Internal identifies the internal VPN Concentrator authentication server.
When the authentication server is an SDI 5.0 server, this field becomes a link. Click the link to view the Monitoring | Statistics | Authentication | Replicas screen, which displays a list of replicas, and data about them (see the next section).
The default, or well-known, port numbers identify an authentication server type:
The group on which the server is configured.
The total number of authentication request packets sent to this server. This number does not include retransmissions.
The number of authentication request packets retransmitted to this server.
The number of authentication acceptance packets received from this server.
The number of authentication rejection packets received from this server.
The number of authentication challenge packets received from this server.
The number of malformed authentication response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators are not included in this number.
The number of bad authentication response packets received from this server. Bad authenticators contain invalid authenticators or signature attributes.
The number of authentication request packets destined for this server that have not yet timed out or received a response.
The number of authentication timeouts to this server. After a timeout the system might retry the same server, send to a different server, or give up. Retrying the same server is counted as a retransmission as well as a timeout. Sending to a different server is counted as a request as well as a timeout.
The number of authentication packets of unknown type received from this server.
This screen shows statistics for SDI 5.0 user authentication activity on the VPN Concentrator since it was last booted or reset.
The IP address of the configured SDI authentication server, and the port number that the VPN Concentrator is using to access the server.
The default, or well-known, port numbers for an SDI 5.0 authentication server is 5500.
The group on which the server is configured.
The number of authentication request packets retransmitted to this server.
The number of authentication acceptance packets received from this server.
The number of authentication rejection packets received from this server.
The number of authentication timeouts to this server. After a timeout the system might retry the same server, send to a different server, or give up. Retrying the same server is counted as a retransmission as well as a timeout. Sending to a different server is counted as a request as well as a timeout.
The number of bad code packets received from this server. Bad code packets indicate invalid SecurID token code.
The number of bad pin packets received from this server. Bad pin packets indicate invalid user identification.
This screen shows statistics for user authorization activity on the VPN Concentrator since it was last booted or reset.
To configure the VPN Concentrator to communicate with authorization servers, see the Configuration | System | Servers | Authorization screens.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The IP address of the configured authorization server, and the port number that the VPN Concentrator is using to access the server. Each configured authorization server is a row in this table. Internal identifies the internal VPN Concentrator authorization server.
The default, or well-known, port numbers identify an authorization server type:
The group on which the server is configured.
The total number of authorization request packets sent to this server. This number does not include retransmissions.
The number of authorization request packets retransmitted to this server.
The number of authorization acceptance packets received from this server.
The number of authorization rejection packets received from this server.
The number of authorization challenge packets received from this server.
The number of malformed authorization response packets received from this server. Malformed packets include packets with an invalid length. Bad authorizations are not included in this number.
The number of bad authorization response packets received from this server. Bad authenticators contain invalid authenticators or signature attributes.
The number of authorization request packets destined for this server that have not yet timed out or received a response.
The number of authorization timeouts to this server. After a timeout the system might retry the same server, send to a different server, or give up. Retrying the same server is counted as a retransmission as well as a timeout. Sending to a different server is counted as a request as well as a timeout.
The number of authorization packets of unknown type received from this server.
This screen shows details of the effects of bandwidth management policies on each tunnel. Only tunnels on which bandwidth management policies are enabled appear on this screen.
Choose a group from the Group menu to show bandwidth statistics for users in that group only. The default value is --All--, which displays bandwidth statistics for users in all groups.
The user name identifying a tunnel using a bandwidth management policy.
The current rate of session traffic (as set by the bandwidth management policy).
The rate at which packets are being throttled to maintain the conformed rate.
The number of bytes of session traffic (as set by the bandwidth management policy).
The number of bytes being throttled to maintain the conformed rate.
If you have enabled data compression, this screen shows statistics for data compression on the VPN Concentrator since it was last booted or reset.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
This screen shows statistics for IPSec data compression using the IPComp compression protocol.
|
Note The following IPComp statistics measure the results of compression on all incoming and outgoing data, including data not intended for compression and data that is not compressible. |
The total number of bytes of all outbound data before compression.
The total number of bytes of all outbound data after compression.
The ratio of Outbound Pre-Compression to Outbound Post-Compression.
The total number of bytes of all incoming data before any of it is decompressed.
The total number of bytes of all incoming data after decompression.
The ratio of Inbound Post-Decompression to Inbound Pre-Decompression.
This table shows statistics for L2TP and PPTP data compression using the MPPC compression protocol. These MPPC statistics use the following distinctions. (See Figure 17-10.) All data transmitted can be divided into two groups: data intended for compression (A) and data that is not intended for compression (B). Of the data intended for compression, some of it actually compresses (A1) and some does not (A2). (The compression process would actually cause certain data to expand, so this data is left uncompressed.)
The total number of reset requests received from the remote peer.
The total number of reset requests sent to the remote peer.
The total number of bytes of outbound data intended for compression. ("A" in Figure 17-10.)
The total number of bytes of outbound data actually compressed. ("A1" in Figure 17-10.)
The total number of bytes of data intended for compression that were not compressed. The compression process would actually cause certain data to expand, so this data is left uncompressed. ("A2" in Figure 17-10.)
The ratio of Outbound Pre-Compression to (Outbound Post-Compression + Outbound Not Compressed).
The ratio of Outbound Pre-Compressed to Outbound Not Compressed.
The total number of bytes of incoming data intended for decompression. ("A" in Figure 17-10.)
The total number of bytes of incoming data actually decompressed. ("A1" in Figure 17-10.)
The total number of uncompressed inbound data bytes of the data. ("A2" in Figure 17-10.)
The ratio of (Inbound Post-Decompression + Inbound Not Compressed) to Inbound Pre-Decompression.
The ratio of Inbound Pre-Decompression to Inbound Not Compressed.
This screen shows statistics for DHCP (Dynamic Host Configuration Protocol) activity on the VPN Concentrator since it was last booted or reset. Each row of the table shows data for each session using an IP address via DHCP.
To identify DHCP servers to the VPN Concentrator, see Configuration | System | Servers | DHCP. To configure system-wide DHCP functions within the VPN Concentrator, see Configuration | System | IP Routing | DHCP. To use DHCP to assign addresses to clients, see the Configuration | System | Address Management | Assignment screen.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The IP address leased from the DHCP server by the remote client.
The duration of the current IP address lease, shown as HH:MM:SS.
The total length of time that this session has had an active IP address lease, shown as HH:MM:SS.
The time remaining until the current IP address lease expires, shown as HH:MM:SS.
The IP address of the DHCP server that leased this IP address.
This screen shows statistics for DNS (Domain Name System) activity on the VPN Concentrator since it was last booted or reset.
To configure the VPN Concentrator to communicate with DNS servers, see the Configuration | System | Servers | DNS screen.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of DNS queries the VPN Concentrator made since it was last booted or reset. This number equals the sum of the numbers in the four cells below.
The number of DNS queries that were successfully resolved.
The number of DNS queries that failed because there was no response from the server.
The number of DNS queries that failed because the address of the server is not reachable according to the VPN Concentrator's routing table.
The number of DNS queries that failed for an unspecified reason.
This screen shows statistics for all events on the VPN Concentrator since it was last booted or reset.
To configure event handling, see the Configuration | System | Events screens.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
Event class denotes the source of the event and refers to a specific hardware or software subsystem within the VPN Concentrator. For a description of event classes, see VPN 3000 Series Concentrator Reference Volume 1: Configuration.
Event number is an Cisco-assigned reference number that denotes a specific event within the event class. For example, CONFIG event number 2 is "Reading configuration file." This reference number assists Cisco support personnel if they need to examine event statistics.
The number of times that specific event has occurred on the VPN Concentrator since it was last booted or reset.
This screen shows statistics for filtering of traffic that has passed through the interfaces on the VPN Concentrator since it was last booted or reset.
To configure filters, see the Configuration | Policy Management | Traffic Management screens. To apply filters to interfaces, see the Configuration | Interfaces screens. To apply filters to users and groups, see the Configuration | User Management screens.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The VPN Concentrator network interface through which the filtered traffic has passed.
The total number of inbound packets received on this interface.
The number of inbound packets that have been filtered and dropped on this interface.
The number of inbound packets that have been filtered and forwarded on this interface. This number equals Inbound Packets Pre-Filter minus Inbound Packets Filtered.
The total number of outbound packets received on this interface.
The number of outbound packets that have been filtered and dropped on this interface.
The number of outbound packets that have been filtered and forwarded on this interface. This number equals Outbound Packets Pre-Filter minus Outbound Packets Filtered.
This screen shows statistics for HTTP activity on the VPN Concentrator since it was last booted or reset.
To configure system-wide HTTP server parameters, see the Configuration | System | Management Protocols | HTTP screen.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of HTTP octets (bytes) sent or received since the VPN Concentrator was last booted or reset.
The total number of HTTP packets sent or received since the VPN Concentrator was last booted or reset.
The number of HTTP sessions on the VPN Concentrator.
The number of currently active HTTP connections on the VPN Concentrator.
The maximum number of HTTP connections that were simultaneously active on the VPN Concentrator since it was last booted or reset.
The total number of HTTP connections on the VPN Concentrator since it was last booted or reset.
This section provides information about HTTP sessions on the VPN Concentrator since it was last booted or reset.
The name of the administrative user for the HTTP session.
The IP address of the HTTP session.
The time when the HTTP session began.
The encryption method used in the HTTP session.
Number of octets sent or received during the HTTP session.
Number of packets sent or received during the HTTP session.
The number of currently active sockets for the HTTP session.
The maximum number of sockets simultaneously active during the HTTP session.
The total number of sockets active during the HTTP session.
The maximum number of concurrent HTTP connections for the VPN Concentrator since it was last rebooted or reset.
This screen shows statistics for IPSec activity—including current IPSec tunnels—on the VPN Concentrator since it was last booted or reset. These statistics conform to the IETF draft for the IPSec Flow Monitoring MIB.
The Monitoring | Sessions | Detail screens also show IPSec data.
To configure system-wide IPSec parameters and LAN-to-LAN connections, see the Configuration | System | Tunneling Protocols | IPSec screens. To configure IPSec parameters for users and groups, see Configuration | User Management. To configure IPSec parameters and SAs on rules in filters that govern data traffic, see Configuration | Policy Management | Traffic Management.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
This table provides IPSec Phase 1 (IKE: Internet Key Exchange) global statistics. During IPSec Phase 1 (IKE), the two peers establish control tunnels through which they negotiate Security Associations.
The number of currently active IKE control tunnels, both for LAN-to-LAN connections and remote access.
The cumulative total of all currently and previously active IKE control tunnels, both for LAN-to-LAN connections and remote access.
The cumulative total of bytes (octets) received by all currently and previously active IKE tunnels.
The cumulative total of bytes (octets) sent by all currently and previously active IKE tunnels.
The cumulative total of packets received by all currently and previously active IKE tunnels.
The cumulative total of packets sent by all currently and previously active IKE tunnels.
The cumulative total of packets that were dropped during receive processing by all currently and previously active IKE tunnels. If there is a problem with the content of a packet (such as hash failure, parsing error, or encryption failure) received in Phase 1 or the negotiation of Phase 2, the system drops the packet. This number should be zero or very small; if not, check for misconfiguration.
The cumulative total of packets that were dropped during send processing by all currently and previously active IKE tunnels. This number should be zero; if not, check for a network problem, check the event log for an internal subsystem failure, or contact Cisco support.
The cumulative total of notify packets received by all currently and previously active IKE tunnels. A notify packet is an informational packet that is sent in response to a bad packet or to indicate status, for example: error packets, keepalive packets, etc.
The cumulative total of notify packets sent by all currently and previously active IKE tunnels. See comments for Received Notifies.
The cumulative total of IPSec Phase-2 exchanges received by all currently and previously active IKE tunnels, in other words, the total of Phase-2 negotiations received that were initiated by a remote peer. A complete exchange consists of three packets.
The cumulative total of IPSec Phase-2 exchanges that were sent by all currently and previously active and IKE tunnels, in other words, the total of Phase-2 negotiations initiated by this VPN Concentrator.
The cumulative total of IPSec Phase-2 exchanges that were received, found to be invalid because of protocol errors, and dropped, by all currently and previously active IKE tunnels. In other words, the total of Phase-2 negotiations that were initiated by a remote peer but that this VPN Concentrator dropped because of protocol errors.
The cumulative total of IPSec Phase-2 exchanges that were sent and were found to be invalid, by all currently and previously active IKE tunnels.
The cumulative total of IPSec Phase-2 exchanges that were initiated by a remote peer, received, and rejected by all currently and previously active IKE tunnels. Rejected exchanges indicate policy-related failures, such as configuration problems.
The cumulative total of IPSec Phase-2 exchanges that were initiated by this VPN Concentrator, sent, and rejected, by all currently and previously active IKE tunnels. See the previous comment.
The cumulative total of requests to delete IPSec Phase-2 Security Associations received by all currently and previously active IKE tunnels.
The cumulative total of requests to delete IPSec Phase-2 Security Associations sent by all currently and previously active IKE tunnels.
The cumulative total of IKE tunnels that this VPN Concentrator initiated. The VPN Concentrator initiates tunnels only for LAN-to-LAN connections.
The cumulative total of IKE tunnels that this VPN Concentrator initiated and that failed to activate.
The cumulative total of IKE tunnels that remote peers initiated and that failed to activate.
The cumulative total of authentication attempts that failed, by all currently and previously active IKE tunnels. Authentication failures indicate problems with preshared keys, digital certificates, or user-level authentication.
The cumulative total of decryptions that failed, by all currently and previously active IKE tunnels. This number should be at or near zero; if not, check for misconfiguration or SEP module problems.
The cumulative total of hash validations that failed, by all currently and previously active IKE tunnels. Hash validation failures usually indicate misconfiguration or mismatched preshared keys or digital certificates.
The cumulative total of system capacity failures that occurred during processing of all currently and previously active IKE tunnels. These failures indicate that the system has run out of memory, or that the tunnel count exceeds the system maximum.
The cumulative total of nonexistent-Security Association failures that occurred during processing of all currently and previously active IKE tunnels. These failures occur when the system receives a packet for which it has no Security Association, and might indicate synchronization problems.
This table provides IPSec Phase 2 global statistics. During IPSec Phase 2, the two peers negotiate Security Associations that govern traffic within the tunnel.
The number of currently active IPSec Phase-2 tunnels, both for LAN-to-LAN connections and remote access.
The cumulative total of all currently and previously active IPSec Phase-2 tunnels, both for LAN-to-LAN connections and remote access.
The cumulative total of bytes (octets) received by all currently and previously active IPSec Phase-2 tunnels, before decompression. In other words, total bytes of IPSec-only data received by the IPSec subsystem, before decompressing the IPSec payload.
The cumulative total of bytes (octets) sent by all currently and previously active IPSec Phase-2 tunnels, after compression. In other words, total bytes of IPSec-only data sent by the IPSec subsystem, after compressing the IPSec payload.
The cumulative total of packets received by all currently and previously active IPSec Phase-2 tunnels.
The cumulative total of packets sent by all currently and previously active IPSec Phase-2 tunnels.
The cumulative total of packets dropped during receive processing by all currently and previously active IPSec Phase-2 tunnels, excluding packets dropped due to anti-replay processing. If there is a problem with the content of a packet, the system drops the packet. This number should be zero or very small; if not, check for misconfiguration.
The cumulative total of packets dropped during receive processing due to anti-replay errors, by all currently and previously active IPSec Phase-2 tunnels. If the sequence number of a packet is a duplicate or out of bounds, there might be a faulty network or a security breach, and the system drops the packet.
The cumulative total of packets dropped during send processing by all currently and previously active IPSec Phase-2 tunnels. This number should be zero; if not, check for a network problem, check the event log for an internal subsystem failure, or contact Cisco support.
The cumulative total number of inbound individual packet authentications performed by all currently and previously active IPSec Phase-2 tunnels.
The cumulative total of inbound packet authentications that failed, by all currently and previously active IPSec Phase-2 tunnels. Failed authentications could indicate corrupted packets or a potential security attack ("man in the middle").
The cumulative total of outbound individual packet authentications performed by all currently and previously active IPSec Phase-2 tunnels.
The cumulative total of outbound packet authentications that failed, by all currently and previously active IPSec Phase-2 tunnels. This number should be zero or very small; if not, check the event log for an internal IPSec subsystem problem.
The cumulative total of inbound decryptions performed by all currently and previously active IPSec Phase-2 tunnels.
The cumulative total of inbound decryptions that failed, by all currently and previously active IPSec Phase-2 tunnels. This number should be zero or very small; if not, check for misconfiguration or SEP module problems.
The cumulative total of outbound encryptions performed by all currently and previously active IPSec Phase-2 tunnels.
The cumulative total of outbound encryptions that failed, by all currently and previously active IPSec Phase-2 tunnels. This number should be zero or very small; if not, check for IPSec subsystem or SEP module problems.
The total number of system capacity failures that occurred during processing of all currently and previously active IPSec Phase-2 tunnels. These failures indicate that the system has run out of memory or some other critical resource; check the event log.
The cumulative total of nonexistent-Security Association failures which occurred during processing of all currently and previously active IPSec Phase-2 tunnels. These failures occur when the system receives an IPSec packet for which it has no Security Association, and might indicate synchronization problems.
The cumulative total of protocol use failures that occurred during processing of all currently and previously active IPSec Phase-2 tunnels. These failures indicate errors parsing IPSec packets.
This screen shows statistics for L2TP activity on the VPN Concentrator since it was last booted or reset, and for current L2TP sessions.
The Monitoring | Sessions | Detail screens also show L2TP data.
To configure system-wide L2TP parameters, see the Configuration | System | Tunneling Protocols | L2TP screen. To configure L2TP parameters for users and groups, see Configuration | User Management. To configure L2TP on rules in filters that govern data traffic, see Configuration | Policy Management | Traffic Management.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of L2TP tunnels successfully established since the VPN Concentrator was last booted or reset.
The number of L2TP tunnels that are currently active.
The maximum number of L2TP tunnels that have been simultaneously active on the VPN Concentrator since it was last booted or reset.
The number of L2TP tunnels that failed to become established since the VPN Concentrator was last booted or reset.
The total number of user sessions successfully established through L2TP tunnels since the VPN Concentrator was last booted or reset.
The number of user sessions that are currently active through PPTP tunnels. The L2TP Sessions table shows statistics for these sessions.
The maximum number of user sessions that have been simultaneously active through L2TP tunnels on the VPN Concentrator since it was last booted or reset.
The number of sessions that failed to become established through L2TP tunnels since the VPN Concentrator was last booted or reset.
The number of L2TP control / data channel octets (bytes) received by the VPN Concentrator since it was last booted or reset.
The number of L2TP control / data channel packets received by the VPN Concentrator since it was last booted or reset.
The number of L2TP control / data channel packets received and discarded by the VPN Concentrator since it was last booted or reset.
The number of L2TP control/data channel octets (bytes) transmitted by the VPN Concentrator since it was last booted or reset.
The number of L2TP control/data channel packets transmitted by the VPN Concentrator since it was last booted or reset.
This table shows statistics for active L2TP sessions on the VPN Concentrator. Each active session is a row.
The IP address of the remote host that established the L2TP tunnel for this session, in other words, the tunnel endpoint IP address. The Monitoring | Sessions screen shows the IP address assigned to the client using the tunnel.
The username for the session within an L2TP tunnel. This is typically the login name of the remote user.
The serial number of the session within an L2TP tunnel. If there are multiple sessions using a tunnel, each session has a unique serial number.
The total number L2TP data octets (bytes) received by this session.
The total number of L2TP data packets received by this session.
The total number of L2TP data packets received and discarded by this session.
The total number of L2TP Zero Length Body acknowledgement data packets received by this session. ZLB packets are sent as acknowledgement packets when there is no data packet on which to piggyback an acknowledgement.
The total number of L2TP data octets (bytes) transmitted by this session.
The total number of L2TP data packets transmitted by this session.
The total number of L2TP Zero Length Body acknowledgement packets transmitted by this session. ZLB packets are sent as acknowledgement packets when there is no data packet on which to piggyback an acknowledgement.
This screen shows statistics for load balancing on the VPN Concentrator since it was last booted or reset.
Indicates whether load balancing has been enabled on this VPN Concentrator.
The role of this VPN Concentrator within the virtual cluster. It is either a virtual cluster master or a secondary device.
The percentage of the cluster's total session load that this VPN Concentrator is carrying.
The number of other VPN Concentrators in the virtual cluster.
The peers chart shows configuration details and session statistics of the other VPN Concentrators in the virtual cluster.
The private IP address of the peer.
The public IP address of the peer.
The NAT address of the peer, if it has one.
The role of the peer within the virtual cluster. It is either a virtual cluster master or a secondary device.
The VPN Concentrator model (such as 3005 or 3015) of the peer.
The percentage of the cluster's total session load that the peer is carrying. You can view this information only from the virtual cluster master device. If you are viewing this field from a secondary device, its value is N/A.
The number of currently active sessions on the peer. You can view this information only from the virtual cluster master device. If you are viewing this field from a secondary device, its value is N/A.
The likelihood that this peer will become the master at power-up or if the current master fails. For more information on priorities, see the Configuration | System | Load Balancing section.
The length of time this device has been connected to the virtual cluster.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
This screen shows statistics for NAT (Network Address Translation) activity on the VPN Concentrator since it was last booted or reset.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total of NAT packets inbound and outbound since the last time the VPN Concentrator was rebooted or reset.
The number of currently active NAT sessions.
The maximum number of NAT sessions that were simultaneously active on the VPN Concentrator since it was last booted or reset.
The total number of NAT sessions on the VPN Concentrator since it was last booted or reset.
The following sections provide detailed information about active NAT sessions on the VPN Concentrator.
The source IP address and port for the NAT session.
The destination IP address and port for the NAT session.
The translated IP address and port for the NAT session. The VPN Concentrator uses this port number to keep track of which devices initiate data transfer; by keeping this record, the VPN Concentrator is able to correctly route responses.
The direction, inbound or outbound, of the data transferred for the NAT session.
The number of half seconds remaining until the NAT session times out.
The type of packets for the NAT session. The possible types are:
The total number of translated bytes and packets for the NAT session.
This screen shows statistics for PPTP activity on the VPN Concentrator since it was last booted or reset, and for current PPTP sessions.
The Monitoring | Sessions | Detail screens also show PPTP data.
To configure system-wide PPTP parameters, see the Configuration | System | Tunneling Protocols | PPTP screen. To configure PPTP parameters for users and groups, see Configuration | User Management. To configure PPTP on rules in filters that govern data traffic, see Configuration | Policy Management | Traffic Management.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of PPTP tunnels created since the VPN Concentrator was last booted or reset, including those tunnels that failed to be established.
The number of PPTP tunnels that are currently active.
The maximum number of PPTP tunnels that have been simultaneously active on the VPN Concentrator since it was last booted or reset.
The total number of user sessions through PPTP tunnels since the VPN Concentrator was last booted or reset.
The number of user sessions that are currently active through PPTP tunnels. The PPTP Sessions table shows statistics for these sessions.
The maximum number of user sessions that have been simultaneously active through PPTP tunnels on the VPN Concentrator since it was last booted or reset.
The number of PPTP control/data octets (bytes) received by the VPN Concentrator since it was last booted or reset.
The number of PPTP control/data packets received by the VPN Concentrator since it was last booted or reset.
The number of PPTP control/data packets received and discarded by the VPN Concentrator since it was last booted or reset.
The number of PPTP control/data octets (bytes) transmitted by the VPN Concentrator since it was last booted or reset.
The number of PPTP control/data packets transmitted by the VPN Concentrator since it was last booted or reset.
This table shows statistics for active PPTP sessions on the VPN Concentrator. Each active session is a row.
The IP address of the peer host that established the PPTP tunnel for this session, in other words, the tunnel endpoint IP address. The Monitoring | Sessions screen shows the IP address assigned to the client using the tunnel.
The username for the session within a PPTP tunnel. This is typically the login name of the remote user.
The total number of PPTP data octets (bytes) received by this session.
The total number of PPTP data packets received by this session.
The total number of PPTP data packets received and discarded by this session.
The total number of PPTP Zero Length Body acknowledgement data packets received by this session. ZLB packets are sent as GRE acknowledgement packets when there is no data packet on which to piggyback an acknowledgement.
The total number of PPTP data octets (bytes) transmitted by this session.
The total number of PPTP data packets transmitted by this session.
The total number of PPTP Zero Length Body acknowledgement packets transmitted by this session. ZLB packets are sent as GRE acknowledgement packets when there is no data packet on which to piggyback an acknowledgement.
The total number of acknowledgement timeouts seen on PPTP data packets for this session. When the system times out waiting for a data packet on which to piggyback an acknowledgement, it sends a ZLB instead. Therefore, this number should equal the Transmit ZLB number.
The state of packet flow control for this PPTP session:
This screen shows statistics for SSH (Secure Shell) protocol traffic on the VPN Concentrator since it was last booted or reset.
To configure SSH, see Configuration | System | Management Protocols | SSH.
The total number of SSH octets (bytes) sent / received since the VPN Concentrator was last booted or reset.
The total number of SSH packets sent / received since the VPN Concentrator was last booted or reset.
The total number of SSH sessions since the VPN Concentrator was last booted or reset.
The number of currently active SSH sessions.
The maximum number of simultaneously active SSH sessions on the VPN Concentrator.
This screen shows statistics for SSL (Secure Sockets Layer) protocol traffic on the VPN Concentrator since it was last booted or reset.
To configure SSL, see Configuration | System | Management Protocols | SSL.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The number of octets (bytes) of inbound traffic output by the decryption engine.
The number of octets (bytes) of encrypted inbound traffic sent to the decryption engine. This number includes negotiation traffic.
The number of unencrypted outbound octets (bytes) sent to the encryption engine.
The number of octets (bytes) of outbound traffic output by the encryption engine. This number includes negotiation traffic.
The total number of SSL sessions.
The number of currently active SSL sessions.
The maximum number of SSL sessions simultaneously active at any one time.
This screen shows statistics for Telnet activity on the VPN Concentrator since it was last booted or reset, and for current Telnet sessions.
To configure the VPN Concentrator's Telnet server, see the Configuration | System | Management Protocols | Telnet screen.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The number of active Telnet sessions. The Telnet Sessions table shows statistics for these sessions.
The total number of attempts to establish Telnet sessions on the VPN Concentrator since it was last booted or reset.
The total number of Telnet sessions successfully established on the VPN Concentrator since it was last booted or reset.
This table shows statistics for active Telnet sessions on the VPN Concentrator. Each active session is a row.
The IP address and TCP source port number of this session's remote Telnet client.
The total number of Telnet octets (bytes) received by this session.
The number of octets (bytes) containing Telnet commands or options, received by this session.
The number of Telnet octets (bytes) received and dropped during input processing by this session.
The total number of Telnet octets (bytes) transmitted by this session.
The number of outbound Telnet octets dropped during output processing by this session.
This screen shows status and statistics for VRRP (Virtual Router Redundancy Protocol) activity on the VPN Concentrator since it was last booted or reset.
To configure VRRP, see the Configuration | System | IP Routing | Redundancy screen.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of VRRP packets received with an invalid VRRP checksum value.
The total number of VRRP packets received with an unknown or unsupported version number. The VPN Concentrator supports VRRP version 2 as defined in RFC 2338.
The total number of VRRP packets received with an invalid VRRP Group ID number.
The identification number that uniquely identifies the group of virtual routers to which this VPN Concentrator belongs.
This table shows statistics for the virtual router on each configured VRRP interface on this VPN Concentrator.
The Ethernet interface configured for VRRP.
The status of the VRRP router in this VPN Concentrator:
The total number of times that this VPN Concentrator has become a VRRP Master router after having a different role. This number should be the same in all columns.
The total number of VRRP advertisements received by this interface.
The total number of VRRP advertisement packets received by this interface, in which the advertisement interval differs from the interval configured on this VPN Concentrator.
The total number of VRRP packets received by this interface that do not pass the authentication check.
The total number of VRRP packets received by this interface with IP TTL (Time-To-Live) not equal to 255. All VRRP packets must have TTL = 255.
The total number of VRRP packets received by this interface with a priority of 0. Priority 0 packets indicate that the current Master router has stopped participating in VRRP.
The total number of VRRP packets sent by this interface with a priority of 0. Priority 0 packets indicate that the current Master router has stopped participating in VRRP.
The number of VRRP packets received by this interface with an invalid value in the Type field. For VRRP version 2, the only valid Type value is 1, which indicates an advertisement packet.
The total number of packets received for which the address list does not match the list configured on this VPN Concentrator.
The total number of packets received by this interface with an unknown authentication type.
The total number of packets received by this interface with an authentication type that differs from the configured authentication type.
The total number of packets received by this interface with a packet length less than the length of the VRRP header.
This section of the Manager lets you view statistics that are recorded in standard MIB-II objects on the VPN Concentrator. MIB-II (Management Information Base, version 2) objects are variables that contain data about the system. They are defined as part of the Simple Network Management Protocol (SNMP); and SNMP-based network management systems can query the VPN Concentrator to gather the data.
Each subsequent screen displays the data for a standard MIB-II group of objects:
To configure and enable the VPN Concentrator's SNMP server, see the Configuration | System | Management Protocols | SNMP screen.
This screen shows statistics in MIB-II objects for VPN Concentrator interfaces since the system was last booted or reset. This screen also shows statistics for VPN tunnels as logical interfaces. RFC 2233 defines interface MIB objects.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The VPN Concentrator interface:
The operational status of this interface:
The number of unicast packets that were received by this interface. Unicast packets are those addressed to a single host.
The number of unicast packets that were routed to this interface for transmission, including those that were discarded or not sent. Unicast packets are those addressed to a single host.
The number of multicast packets that were received by this interface. Multicast packets are those addressed to a specific group of hosts.
The number of multicast packets that were routed to this interface for transmission, including those that were discarded or not sent. Multicast packets are those addressed to a specific group of hosts.
The number of broadcast packets that were received by this interface. Broadcast packets are those addressed to all hosts on a network.
The number of broadcast packets that were routed to this interface for transmission, including those that were discarded or not sent. Broadcast packets are those addressed to all hosts on a network.
This screen shows statistics in MIB-II objects for TCP and UDP traffic on the VPN Concentrator since it was last booted or reset. RFC 2012 defines TCP MIB objects, and RFC 2013 defines UDP MIB objects.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of segments received, including those received in error and those received on currently established connections. Segment is the official TCP name for what is often called a data packet.
The total number of segments sent, including those on currently established connections but excluding those containing only retransmitted bytes. Segment is the official TCP name for what is casually called a data packet.
The total number of segments retransmitted; that is, the number of TCP segments transmitted containing one or more previously transmitted bytes. Segment is the official TCP name for what is casually called a data packet.
The minimum value permitted for TCP retransmission timeout, measured in milliseconds.
The maximum value permitted for TCP retransmission timeout, measured in milliseconds.
The limit on the total number of TCP connections that the system can support. A value of -1 means there is no limit.
The number of TCP connections that went directly from an unconnected state to a connection-synchronizing state, bypassing the listening state. These connections are allowed, but they are usually in the minority.
The number of TCP connections that went from a listening state to a connection-synchronizing state. These connections are usually in the majority.
The number of TCP connection attempts that failed. Technically this is the number of TCP connections that went to an unconnected state, plus the number that went to a listening state, from a connection-synchronizing state.
The number of established TCP connections that abruptly closed, bypassing graceful termination.
The number of TCP connections that are currently established or are gracefully terminating.
The total number of UDP datagrams received. Datagram is the official UDP name for what is casually called a data packet.
The total number of UDP datagrams sent. Datagram is the official UDP name for what is casually called a data packet.
The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port (UDP No Port). Datagram is the official UDP name for what is casually called a data packet.
The total number of received UDP datagrams that could not be delivered because there was no application at the destination port. Datagram is the official UDP name for what is casually called a data packet.
This screen shows statistics in MIB-II objects for IP traffic on the VPN Concentrator since it was last booted or reset. RFC 2011 defines IP MIB objects.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of IP data packets received by the VPN Concentrator, including those received with errors.
The number of IP data packets received and discarded due to errors in IP headers, including bad check sums, version number mismatches, other format errors, etc.
The number of IP data packets received and discarded because the IP address in the destination field was not a valid address for the VPN Concentrator. This count includes invalid addresses (for example, 0.0.0.0) and addresses of unsupported classes (for example, Class E).
The number of IP data packets received and discarded because of an unknown or unsupported protocol.
The number of IP data packets received that had no problems preventing continued processing, but that were discarded (for example, for lack of buffer space). This number does not include any packets discarded while awaiting reassembly.
The number of IP data packets received and successfully delivered to IP user protocols (including ICMP) on the VPN Concentrator; i.e., the VPN Concentrator was the final destination.
The number of IP data packets received and forwarded to destinations other than the VPN Concentrator.
The number of outbound IP data packets that had no problems preventing their transmission to a destination, but that were discarded (for example, for lack of buffer space).
The number of outbound IP data packets discarded because no route could be found to transmit them to their destination. This number includes any packets that the VPN Concentrator could not route because all of its default routers are down.
The number of IP data packets that local IP user protocols (including ICMP) supplied to transmission requests. This number does not include any packets counted in Packets Forwarded.
The number of IP fragments received by the VPN Concentrator that needed to be reassembled.
The number of IP data packets successfully reassembled.
The number of failures detected by the IP reassembly algorithm (for whatever reason: timed out, errors, etc.). This number is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received.
The number of IP data packets that have been successfully fragmented by the VPN Concentrator.
The number of IP data packets that have been discarded because they needed to be fragmented but could not be fragmented (for example, because the Don't Fragment flag was set).
The number of IP data packet fragments that have been generated by the VPN Concentrator.
This screen shows statistics in MIB-II objects for RIP version 2 traffic on the VPN Concentrator since it was last booted or reset. RFC 1724 defines RIP version 2 MIB objects.
To configure RIP on interfaces, see Configuration | Interfaces.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of route changes made to the IP route database by RIP. This number does not include changes that only refresh the age route of a route.
The total number of responses sent to RIP queries from other systems.
This table shows a row of statistics for each configured interface.
The IP address configured on the interface.
The number of RIP response packets received by this interface that were subsequently discarded for any reason (such as wrong version or unknown command type).
The number of routes in valid RIP packets received by this interface that were ignored for any reason (such as unknown address family or invalid metric).
The number of triggered RIP updates actually sent by this interface. This number does not include full updates sent containing new information.
This screen shows statistics in MIB-II objects for OSPF version 2 traffic on the VPN Concentrator since it was last booted or reset. RFC 1850a defines OSPF version 2 MIB objects.
To configure OSPF on interfaces, see Configuration | Interfaces. To configure system-wide OSPF parameters, see Configuration | System | IP Routing.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The VPN Concentrator OSPF router ID. This ID uniquely identifies the VPN Concentrator to other OSPF routers in its domain. While the format is that of an IP address, it functions only as an identifier and not an address. By convention, however, this identifier is the same as the IP address of the interface that is connected to the OSPF router network. 0.0.0.0 means no router is configured.
The current version number of the OSPF protocol running on the VPN Concentrator.
The number of external Link-State Advertisements (LSAs) in the link-state database. LSAs from neighboring OSPF Autonomous Systems (AS) describe the state of the AS router's interfaces and routing paths.
The sum of the check sums of the external Link-State Advertisements in the link-state database. You can use this sum to determine if there has been a change in the OSPF router link-state database of the system, and to compare its database with other routers.
The number of new Link-State Advertisements that the system has originated. This number increments each time the OSPF router originates a new LSA.
The number of Link-State Advertisements received that are completely new LSAs. This number does not include newer instances of self-originated LSAs.
The maximum number of external LSAs that can be stored in the link-state database. A value of -1 means there is no limit.
This table shows a row of statistics for each enabled VPN Concentrator interface. When OSPF routing is enabled on an interface, that interface communicates with other OSPF routers in its area, and each area elects one OSPF router to be the Designated Router.
The IP address of the VPN Concentrator interface that communicates with its area.
The VPN Concentrator interface that communicates with its area:
The IP address of the Designated Router in this OSPF area.
The IP address of the backup Designated Router in this OSPF area.
This table shows a row of statistics for each OSPF neighbor, for all areas in which the VPN Concentrator participates. A neighbor is another OSPF router in an OSPF area, and this table includes all such areas for the VPN Concentrator.
The IP address of the neighboring OSPF router.
The router ID of the neighboring OSPF router, which uniquely identifies it to other OSPF routers in its domain. While the format is that of an IP address, it functions only as an identifier. By convention, however, it is the same as the IP address of the interface that is connected to the OSPF router network.
The state of the relationship with this neighboring OSPF router:
This table shows a row of statistics for each OSPF Area.
The Area ID identifies the subnet area within the OSPF Autonomous System or domain. While its format is the same as an IP address, it functions only as an identifier and not an address. 0.0.0.0 identifies a special area—the backbone—that contains all area border routers.
The number of times that the system has calculated the intra-area route table (SPF, or Shortest Path First table) using the link-state database of this area.
The total number of Autonomous System border routers reachable within this area.
The total number of area border routers reachable within this area.
The total number of Link-State Advertisements in the link-state database of this area, excluding AS external LSAs.
The sum of the check sums of the Link-State Advertisements in the link-state database of this area. This sum excludes external LSAs. You can use this sum to determine if there has been a change in the link-state database of the area, and to compare its database with other routers.
This table shows a row for each external Link-State Advertisement in the link-state database.
The Area ID identifies the Area from which the LSA was received.
The LSA type. Each LSA type has a different format:
Either a router ID or an IP address that identifies the piece of the routing domain being described by the LSA.
The identifier of the router in the Autonomous System that originated this LSA.
The sequence number of this LSA. Sequence numbers are linear. They are used to detect old and duplicate LSAs. The larger the number, the more recent the LSA.
The age of the LSA in seconds.
This screen shows statistics in MIB-II objects for ICMP traffic on the VPN Concentrator since it was last booted or reset. RFC 2011 defines ICMP MIB objects.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of ICMP messages that the VPN Concentrator received / sent. This number includes messages counted as Errors Received / Transmitted. ICMP messages solicit and provide information about the network environment.
The number of ICMP messages that the VPN Concentrator received but determined to have ICMP-specific errors (bad ICMP check sums, bad length, etc.).
The number of ICMP messages that the VPN Concentrator did not send due to problems within ICMP such as a lack of buffers.
The number of ICMP Destination Unreachable messages received / sent. Destination Unreachable messages apply to many network situations, including inability to determine a route, an unusable source route specified, and the Don't Fragment flag set for a packet that must be fragmented.
The number of ICMP Time Exceeded messages received / sent. Time Exceeded messages indicate that the lifetime of the packet has expired, or that a router cannot reassemble a packet within a time limit.
The number of ICMP Parameter Problem messages received / sent. Parameter Problem messages indicate a syntactic or semantic error in an IP header.
The number of ICMP Source Quench messages received / sent. Source Quench messages provide rudimentary flow control; they request a reduction in the rate of sending traffic on the network.
The number of ICMP Redirect messages received / sent. Redirect messages advise that there is a better route to a particular destination.
The number of ICMP Echo (request) messages received / sent. Echo messages are probably the most visible ICMP messages. They test the communication path between network entities by asking for Echo Reply response messages.
The number of ICMP Echo Reply messages received / sent. Echo Reply messages are sent in response to Echo messages, to test the communication path between network entities.
The number of ICMP Timestamp (request) messages received / sent. Timestamp messages measure the propagation delay between network entities by including the originating time in the message, and asking for the receipt time in a Timestamp Reply message.
The number of ICMP Timestamp Reply messages received / sent. Timestamp Reply messages are sent in response to Timestamp messages, to measure propagation delay in the network.
The number of ICMP Address Mask Request messages received / sent. Address Mask Request messages ask for the address (subnet) mask for the LAN to which a router connects.
The number of ICMP Address Mask Reply messages received / sent. Address Mask Reply messages respond to Address Mask Request messages by supplying the address (subnet) mask for the LAN to which a router connects.
This screen shows entries in the Address Resolution Protocol mapping table since the VPN Concentrator was last booted or reset. ARP matches IP addresses with physical MAC addresses, so the system can forward traffic to computers on its network. RFC 2011 defines MIB entries in the ARP table.
The entries are sorted first by Interface, then by IP Address. To speed display, the Manager might construct multiple 64-row tables. Use the scroll controls (if present) to view the entire series of tables.
You can also delete dynamic, or learned, entries in the mapping table.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of entries in the ARP table.
The VPN Concentrator network interface on which this mapping applies:
The hardwired MAC (Medium Access Control) address of a physical network interface card, in 6-byte hexadecimal notation, that maps to the IP Address. Exceptions are:
The IP address that maps to the physical address.
To remove a dynamic, or learned, mapping from the table, click Delete. There is no confirmation or undo. The Manager deletes the entry and refreshes the screen.
To delete an entry, you must have the administrator privilege to Modify Config under General Access Rights. See Administration | Access Rights | Administrators.
You cannot delete static mappings.
This screen shows statistics in MIB-II objects for Ethernet interface traffic on the VPN Concentrator since it was last booted or reset. IEEE standard 802.3 describes Ethernet networks, and RFC 1650 defines Ethernet interface MIB objects.
To configure Ethernet interfaces, see Configuration | Interfaces.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The Ethernet interface to which the data in this row applies. Only configured interfaces are shown.
The number of frames received on this interface that are not an integral number of bytes long and do not pass the FCS (Frame Check Sequence; used for error detection) check.
The number of frames received on this interface that are an integral number of bytes long but do not pass the FCS (Frame Check Sequence) check.
The number of times that the carrier sense signal was lost or missing when trying to transmit a frame on this interface.
The number of times that the SQE (Signal Quality Error) Test Error message was generated for this interface. The SQE message tests the collision circuits on an interface.
The number of frames received on this interface that exceed the maximum permitted frame size.
The number of frames for which the first transmission attempt on this interface is delayed because the medium is busy. This number does not include frames involved in collisions.
The number of successfully transmitted frames on this interface for which transmission is inhibited by exactly one collision. This number is not included in the Multiple Collisions number.
The number of successfully transmitted frames on this interface for which transmission is inhibited by more than one collision. This number does not include the Single Collisions number.
The number of times that a collision is detected on this interface later than 512 bit-times into the transmission of a packet. 512 bit-times = 51.2 microseconds on a 10-Mbps system.
The number of frames for which transmission on this interface failed due to excessive collisions.
The number of frames for which transmission on this interface failed due to an internal MAC sublayer transmit error. This number does not include Carrier Sense Errors, Late Collisions, or Excessive Collisions.
The number of frames for which reception on this interface failed due to an internal MAC sublayer receive error. This number does not include Alignment Errors, FCS Errors, or Frame Too Long Errors.
This interface's nominal bandwidth in megabits per second.
The current LAN duplex transmission mode for this interface:
This screen shows statistics in MIB-II objects for SNMP traffic on the VPN Concentrator since it was last booted or reset. RFC 1907 defines SNMP version 2 MIB objects.
To configure the VPN Concentrator SNMP server, see Configuration | System | Management Protocols | SNMP.
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
The total number of SNMP messages received by the VPN Concentrator.
The total number of SNMP messages received that were for an unsupported SNMP version. The VPN Concentrator supports SNMP version 2.
The total number of SNMP messages received that used an SNMP community string the VPN Concentrator did not recognize. See Configuration | System | Management Protocols | SNMP Communities to configure permitted community strings. To protect security, the VPN Concentrator does not include the usual default public community string.
The total number of syntax or transmission errors encountered by the VPN Concentrator when decoding received SNMP messages.
The total number of SNMP request messages that were silently dropped because the reply exceeded the maximum allowable message size.
The total number of SNMP request messages that were silently dropped because the transmission of the reply message to a proxy target failed for some reason (other than a timeout).
Posted: Fri Apr 18 17:15:22 PDT 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
