I have a PIX as VPN gateway and the client software is VPN Client 4.0.1. When the client connects to the PIX successfully, under the menu [Statistics]->[Secured Routers] there is a lot of info. What I want to know is what this list means and what kind of operation could affect the list? Thanks in advance.
Kindly find below an explanation of each tab in the VPN client. Secured Routers will be added once you connect to the remote firewall, after the SA is created.
Since it is a client-server VPN, only the header will be encrypted by the VPN (Transport Mode).
Hope this clears your doubts.
The Statistics tab shows statistics for data packets that the VPN Client has processed during the current session or since the statistics were reset. Reset affects only this part of the connection status screen.
Bytes in = The total amount of data received after a secure packet has been successfully decrypted.
Bytes out = The total amount of encrypted data transmitted through the tunnel.
Packets decrypted = The total number of data packets received on the port.
Packets encrypted = The total number of secured data packets transmitted out the port.
Packets bypassed = The total number of data packets that the VPN Client did not process because they did not need to be encrypted. Local ARPs and DHCP fall into this category.
Packets discarded = The total number of data packets that the VPN Client rejected because they did not come from the secure VPN device gateway.
The Secured routes section lists the IPSec Security Associations (SAs).
The columns in the display show the following types of information:
Key icon = A key icon at the beginning of the row shows that the route is secure. The software generates a key as soon as the client needs to send secure data through the tunnel to the networks on the other side. The absence of a key means that the SA is no longer active. The SA may have timed out due to inactivity. Sending data to this network re-establishes the SA, and the key reappears.
Network = The IP address of the remote private network with which this VPN Client has an SA.
Subnet Mask = The subnet mask of the IP address for this SA.
Bytes = The total amount of data this SA has processed. This includes data before encryption as well as encrypted data received.
Src Port, Dst Port, and Protocol are for future use.