Flow Counts

Current UDP flows

The total number of
UDP port based flows in the data path.

Current Cookie flows

The total number of
cookie challenge based flows in the data path.

Transmit Statistics

IKE Packets

The total number of
total IKE packets transmitted.

Receive Statistics

IKE Packets Received

The total number of
IKE packets received.

New IKE Requests

The total number of
IKE packets sent for new IKE requests.

UDP flow Packets

The total number of
packets that matched the UDP flow.

Cookie flow Packets

The total number of
packets that matched the cookie flow.

Rekey Statistics

IKE Rekeys

The total number of
successful IKE_SA rekeys.

Dead Peer Detection (DPD) Statistics

Requests sent

The total number of
DPD RUTHERE packets sent.

Replies received

The total number of
DPD RUTHEREACK packets received.

Requests received

The total number of
DPD RUTHERE packets received.

Replies sent

The total number of
DPD RUTHEREACK packets sent.

Collisions

The total number of
events that IKEv2 keepalive exchanges occur simultaneously from
the PDIF and the MS.

Disconnects

The total number of
DPD disconnects that occurred between the peers.

Timeouts

The total number of
DPD protocol messages that have exceeded their configured timeout
period.

NATT Statistics

Keepalives sent

The total number of
NATT keepalive packets sent.

Detailed IKE Statistics

Active IKE SAs

The total number of
IKE SAs.

Initiated

The total number of
the active SAs initiated locally.

Responded

The total number of
the active SAs responded.

Total IKE SAs so far

The total number of
SAs (cumulative history).

Initiated

The total cumulative
IKE SAs initiated locally.

Responded

The total cumulative
IKE SAs responded to.

Total attempts so
far

The total cumulative
attempts made to establish SAs.

Initiated

The total number of
SA establishment attempts initiated locally.

Responded

The total number of
SA establishment attempts responded to.

Total deletes so far

The total cumulative
deletes so far.

Requests received

The total number of
requests received.

Requests sent

The total number of
requests sent.

Replies received

The total number of
replies received.

Replies sent

The total number of
replies sent.

Total packets in

The total cumulative
IKEv2 packets received.

Total packets out

The total cumulative
IKEv2 packets sent.

Total octets in

The total cumulative
IKEv2 octets received.

Total octets out

The total cumulative
IKEv2 octets sent.

Failed initiated negotiations with
errors

The total number
of initiated negotiations that failed because of errors.

Failed initiated negotiations with
time out:

The total number of
initiated negotiations that failed because of timeouts (no response).

Failed responded negotiations
with errors

The total number of
responded negotiations that failed because of errors.

Total cookie errors

The total number of
cookie errors encountered.

Congestion rejects

The total number of
packets rejected due to congestion.

Congestion drops

The total number of
packets dropped due to congestion.

Total Unknown Exchange SPI

The total number of
unknown exchange SPIs.

IKEv2 Detail Statistics

Current State

Current IKEv2 SAs

The number of current
IKEv2 SAs.

Current HalfOpen
IKEv2 SAs

The number of IKEv2
SAs in a halfopen state.

Current Connecting
IKEv2 SAs

The number of IKEv2
SAs currently connecting.

Current Established
IKEv2 SAs

The number of established
IKEv2 SAs.

Current Child SAs

The number of current
child SAs.

Total IKEv2 Timer
Statistics

IKESA Retrans Expirations

The total number of
retransmission expirations.

IKESA Setup Expirations (no
Xchg)

The number of IKESA
setups that expired with no exchange.

IKESA Setup Expirations

The total number of
IKESA Session setups expired.

IKESA Lifetime (Soft) Expirations

The number of IKESA
soft lifetime timer expirations.

IKESA Lifetime (Hard) Expirations

The number of IKESA
hard lifetime timer expirations.

CHILD_SA
Setup Expirations (no Xchg)

The number of Child
SA setups that expired with no exchange.

CHILD_SA
Lifetime (Soft) Expirations

The number of Child
SA soft lifetime timer expirations.

CHILD_SA
Lifetime (Hard) Expirations

The number of Child
SA hard lifetime timer expirations.

Total IKEv2 Multiple
Authentication Statistics

Phase 1 Auth Successes

The number of multiauth
Phase 1 EAP authentication successes.

Phase 1 Auth Failures

The number of multiauth
Phase 1 EAP authentication failures.

Phase 1 Auth Req Sent

The number of multiauth
Phase 1 EAP authentication requests sent.

Phase 1 Auth Resp Rcvd

The number of multiauth
Phase 1 EAP authentication responses received.

Phase 2 Auth Successes

The number of multiauth
Phase 2 EAP authentication successes.

Phase 2 Auth Failures

The number of multiauth
Phase 2 EAP authentication failures.

Phase 2 Auth Req Sent

The number of multiauth
Phase 2 EAP authentication requests sent.

Phase 2 Auth Resp Rcvd

The number of multiauth
Phase 2 EAP authentication responses received.

Phase 2 Auth MD5 Successes

The number of multiauth
Phase 2 EAP authentication with MD5 successes.

Phase 2 Auth MD5 Failures

The number of multiauth
Phase 2 EAP authentication with MD5 failures.

Phase 2 Auth GTC Successes

The number of multiauth
Phase 2 EAP authentication with GTC mode successes.

Phase 2 Auth GTC Failures

The number of multiauth
Phase 2 EAP authentication with GTC mode failures.

Hash match failures

The number of hash
match failures.

Signing failures

The number of signing
failures.

MSK missing at phase
1 comp

The number of EAP
Master Session Keys (MSK) not found.

Miss Another Auth Follows

The number of missed
authentications that follow.

Total IKEv2 Exchanges
Dropped

Resp Pkts Drop  No IKESA

The number of IKEv2
response packets dropped without an IKEv2 SA being created.

Invalid Resp

The total number of
invalid response messages.

NonInit
Exch Drop  No IKESA

The total number of
IKEv2 exchanges dropped without an IKEv2 SA being created.

Invalid MSG ID

The total number of
sessions dropped due to packets with invalid MSG ID.

Invalid Major Version

The total number of
sessions dropped due to packets with invalid major version.

IKESA error

The total number of
IKESA error messages.

Unknown Crit Payload

The total number of
unknown critical payload messages.

Retransmitted request

IKEV2 Stack does not
process the packets in the order they are received. New packets
are queued if any packet is under processing. After completing
the processing, stack consider processing the packets queue
first instead of taking the latest packet received from network
directly and leaving the packets in queue for later. And
if any message is received with same message ID which is currently
under processing, then that message will be discarded as
retransmitted message received. The count for such request
is 'Retransmitted Request'.

Total IKEv2 Notify Statistics

Cookie Notify Sent

The total number of
IKEv2 Denial of Service (DoS) cookie notify packets sent.

Cookie Notify Received

The total number of
IKEv2 DoS cookie notify packets received.

Cookie Notify Match

The total number of
IKEv2 DoS cookie notify messages that match.

Cookie Notify Not Match

The total number of
IKEv2 DoS cookie notify messages that do not match.

Multi Auth Supported

The total number of
multiple authentications supported.

Another Auth Follows

The total number of
authentications that follow.

PDN Type IPv4 Sent

Displays the status of the IPv4 PDN type sent.

PDN Type IPv6 Sent

Displays the status of the IPv6 PDN type sent.

Total IKEv2 Rekey
Statistics

IKESA Rekey Sent

The total number of
IKESA Rekey Request messages sent.

IKESA Rekey Rcvd

The total number of
IKESA Rekey Request messages received.

IKESA Rekey Ignored

The total number of
IKESA Rekey messages ignored.

ChildSA Rekey Req Sent

The total number of
Child SA Rekey Request messages sent.

ChildSA Rekey Req Rcvd

The total number of
Child SA Rekey Request messages received.

ChildSA Rekey Rsp Sent

The total number of
Child SA Rekey Response messages sent.

ChildSA Rekey Rsp Rcvd

The total number of
Child SA Rekey Response messages received.

ChildSA Rekey Ignored

The total number of
Child SA Rekey messages ignored.

Total IKEv2 MOBIKE
Statistics

MOBIKE Notify Sent

The total number of
MOBIKE notify messages sent.
MOBIKE is not supported. All
MOBIKE messages are treated as if they were never received.

MOBIKE Recvd

The total number of
MOBIKE packets received.

MOBIKE Ignored

The total number of
MOBIKE packets dropped.

Total IKEv2 Misc Statistics

SA Create Failure

The total number of
SA creations failed.

SA Flow Operation Failure

The total number of
SA flow operations failed.

Total IKEv2 Notify Payload Sent
Statistics

Invalid KE Payload

The total number of
IKEv2 NOTIFY payloads sent of the NOTIFY type Invalid KE Payload.

Invalid Major Version

The total number of
IKEv2 NOTIFY payloads sent of the NOTIFY type Invalid Major Version.

Invalid Message ID

The total number of
IKEv2 NOTIFY payloads sent of the NOTIFY type Invalid Message ID.

Invalid Syntax

The total number of
IKEv2 NOTIFY payloads sent of the NOTIFY type Invalid Syntax.

No Additional SAs

The total number of
IKEv2 NOTIFY payloads sent of the NOTIFY type No Additional SAs.

No Proposal Chosen

The total number of
IKEv2 NOTIFY payloads sent of the NOTIFY type No Proposal Chosen.

TS Unacceptable

The total number of
IKEv2 NOTIFY payloads sent of the NOTIFY type TS Unacceptable.

Unsupported Critical Payload

The total number of
IKEv2 NOTIFY payloads sent of the NOTIFY type Unsupported Critical
Payload.

Internal Failure Sent

The total number of
IKEv2 NOTIFY payloads sent of the NOTIFY type Internal Failure Sent.

Total IKEv2 Notify Payload Received
Statistics

Invalid KE Payload

The total number of
IKEv2 NOTIFY payloads received of the NOTIFY type Invalid KE Payload.

Invalid Major Version

The total number of
IKEv2 NOTIFY payloads received of the NOTIFY type Invalid Major
Version.

Invalid Message ID

The total number of
IKEv2 NOTIFY payloads received of the NOTIFY type Invalid Message
ID.

Invalid Syntax

The total number of
IKEv2 NOTIFY payloads received of the NOTIFY type Invalid Syntax.

No Additional SAs

The total number of
IKEv2 NOTIFY payloads received of the NOTIFY type No Additional
SAs.

No Proposal Chosen

The total number of
IKEv2 NOTIFY payloads received of the NOTIFY type No Proposal Chosen.

TS Unacceptable

The total number of
IKEv2 NOTIFY payloads received of the NOTIFY type TS Unacceptable.

Unsupported Critical Payload

The total number of
IKEv2 NOTIFY payloads received of the NOTIFY type Unsupported Critical
Payload.

IKEv2 Exchange Decode
Failure Statistics

Packet Failures

The number of IKEv2
packets that fail to decode.

Internal Errors

The total number of
failures due to internal errors.

Invalid IP HDR

The total number of
failures due to an invalid IP header.

Invalid UDP HDR

The total number of
failures due to an invalid UDP header.

Invalid IKE HDR

The total number of
failures due to an invalid IKE header.

Invalid IKE HDR Payload

The total number of
failures due to an invalid IKE header payload.

Invalid IKE HDR Init SPI

The total number of
failures due to an invalid IKE header initiator security parameter
index.

Invalid IKE HDR Resp SPI

The total number of
failures due to an invalid IKE header responder security parameter
index.

Invalid IKE HDR Major Ver

The total number of
failures due to an invalid IKE header major version.

Invalid IKE HDR Minor Ver

The total number of
failures due to an invalid IKE header minor version.

Invalid IKE HDR Xchg Type

The total number of
failures due to an invalid IKE header exchange type.

Invalid IKE HDR Rcvd Flag

The total number of
failures due to an invalid IKE header received flags.

Invalid IKE HDR Len

The total number of
failures due to an invalid IKE header length.

Invalid Syntax

The total number of
failures due to an invalid syntax.

Invalid Payload Syntax

The total number of
failures due to an invalid payload syntax.

Invalid Payload Len

The total number of
failures due to an invalid payload length.

Unknown Crit Payload

The total number of
failures due to an unknown critical payload.

Too many payloads

The total number of
failures due to many payloads.

Invalid SA Payload
Len

The total number of
failures due to an invalid SA payload length.

Invalid SA Proposal HDR

The total number of
failures due to an invalid SA proposal header.

Invalid SA Proposal
HDR Rcvd

The total number of
failures due to an invalid SA proposal header received.

Too many transforms

The total number of
failures due to many transformsets in the SA payload.

Invalid SA Proposal
HDR Len

The total number of
failures due to an invalid SA proposal header length.

Too many proposals

The total number of
failures due to many proposals in SA payload.

Invalid first SA Proposal num

The total number of
failures due to an invalid first SA proposal number.

Invalid SA Proposal
ID

The total number of
failures due to an invalid Protocol ID in SA payload.

Invalid SA Proposal num

The total number of
failures due to an invalid SA proposal number.

Invalid Transform
Len

The total number of
failures due to an invalid transformset length.

Invalid Transform
HDR

The total number of
failures due to an invalid transformset header.

Invalid Transform
HDR Rcvd

The total number of
failures due to an invalid transformset header received.

Invalid Transform
Type

The total number of
failures due to an invalid transformset type.

Invalid Transform
ID

The total number of
failures due to an invalid transformset ID.

Invalid KE Payload
Len

The total number of
failures due to an invalid key exchange payload length.

Invalid KE DH Group

The total number of
failures due to an invalid key exchange DiffieHellman group
number.

Invalid KE DH Group Len

The total number of
failures due to an invalid ID payload length.

Invalid ID Pld Len

The total number of
failures due to an invalid ID payload length.

Invalid ID Pld Type

The total number of
failures due to an invalid ID payload type.

Invalid ID Pld Data

The total number of
packets for which ID payload syntax validation has failed.

Invalid Auth Pld Len

The total number of
failures due to an invalid authorization payload length.

Invalid Nonce Payload Len

The total number of
failures due to an invalid nonce payload length.

Invalid Notify Payload Len

The total number of
failures due to an invalid notify payload length.

Invalid Notify Payload
SPI Len

The total number of
failures due to an invalid notify payload security parameter index
size.

Invalid Notify Payload NAT

The total number of
failures due to an invalid notify payload Network Address TranslationTraversal.

Invalid Notify payload
Proto Id

The total number of
failures due to an invalid notify payload protocol ID.

Invalid EAP Payload len

The total number of
failures due to an invalid Encapsulation Authentication Protocol
payload length.

Invalid Notify Payload Rekey

The total number of
failures due to an invalid notify payload rekey.

Invalid CP Payload
len

The total number of
failures due to an invalid CP payload length.

Invalid Notify Payload Cookie

The total number of
failures due to an invalid notify payload cookie.

Invalid TS Payload
len

The total number of
failures due to an invalid transformset payload length.

Invalid CP Payload
Attr Len

The total number of
failures due to an invalid CP payload unknown attribute length.

Invalid TS Payload Rcvd

The total number of
failures due to an invalid transformset payload received.

Invalid Encrypted
Payload Len

The total number of
failures due to an invalid encrypted payload length.

Invalid TS payload
TSType

The total number of
failures due to an invalid transformset payload transformset
type.

Unsupported Crit Payload

The total number of
failures due to an unsupported critical payload.

Unsupported Cert Payload

The total number of
failures due to an unsupported certified payload.

Unsupported Notify
Prot AH

The total number of
failures due to an unsupported notify payload protocol Authentication
Header.

Unsupported Auth method

The total number of
failures due to an unsupported authentication method.

Unsupported Payload
Crit VID

The total number of
failures due to an unsupported payload critical VLAN ID.

Unsupported method

The total number of
failures due to an unsupported method.

Unknown Error

The total number of
failures due to an unknown error.

Unsupported SA Payload Prot
AH

The total number of
failures due to an unsupported SA payload protocol Authentication
Header.

Unsupported TS payload
TSNum

The total number of
failures due to an unsupported transformset payload number.

Unsupported TS Payload
TSType

The total number of
failures due to an unsupported transformset payload transformsettype.

Unsupported TS Payload
TSProt

The total number of
failures due to an unsupported transformset payload protocol.

Unsupported CP Payload
No IP Attr

The total number of
failures due to an invalid CP because of no available IP attribute.

Invalid CP Payload
UNK ATTR

The total number of
failures due to an invalid CP because of an unknown attribute.

Total IKEv2 Decrypt
Failure Statistics

Packets Failure

The total number of
session failures due to packets that failed to decrypt.

HMAC mismatch

The total number of
session failures due to a HMAC mismatch.

Pad length error

The total number of
failures due to a pad length error in the packet.

Total IKEv2 Xchg Statistics

Bad Msg Id

The total number of
session failures due to a bad message ID.

Bad Response

The total number of
session failures due to a bad response.

Stale Msg ID

The total number of
session failures due to a stale message ID.

Unknown error

The total number of
session failures due to unknown errors.

Stale Lookup Failure

The total number of
session failures due to a stale lookup failure.

Combined Crypto map
Statistics

Current Tunnels

The number of tunnels
currently connected by the SA.

Current Tunnels Established

The number of tunnels
successfully connected by the SA.

IKE Fails

The total number of
tunnels that failed to be connected by the SA.

Total Tunnels

The total number of
tunnels connected by the SA.

Total Tunnels Established

The total number of
tunnels successfully connected by the SA.

Call Req Rejects

The total number of call request reject messages.

IKEv2 Authentication Failures Statistics

No DEA message

The total number of non DEA messages.

Missing AVP in DEA

The total number of missing AVPs in the DEA message.

Invalid APN

The total number of invalid APNs.

Key mismatch

The total number of key mismatches in the authentication vectors.

Invalid result code or AVP in DEA

The total number of invalid result code or AVP in the DEA message.

Invalid NAI format

The total number of invalid NAI formats.

APN validation failed

The total number of failed APN validations.

Misc. auth failures

The total number of miscellaneous authentication failures.
