Troubleshooting guide
Appendix A: State Tables for VPN-1/FireWall-1 4.0 VPN tables
Advanced Technical Reference Guide 4.1 • June 2000 155
The key1 and key2 fields are actually the first and last parts of the same key and are used to identify each key.
skip_key_requests table
The skip_key_requests table holds the requests for SKIP encryption, including the two gateways and their NSIDs.
Example
attributes: refresh, expires 60
<00000000, c0a80c1f, 00000000, c073cd1c; 59/60>
The skip_key_requests table uses one of the following formats.
In the case of manual IPSec:
<0, source IP address, 0, destination IP address; time left/total time>
In the case of SKIP:
<NSID value of source, source IP address, NSID value of destination, destination IP address; time left/total time>
The NSID values
NSID value    Description
0             None
1             IP
8             MD5
skip_table table
The skip_table table is used for optimization. It holds the shared secret for the two encrypting gateways instead
of recalculating it every time.
Example
attributes: refresh, expires 86400, free function 133280040 0
<00000000, c7cb4704, 00000000, ce56230b; fc449da8; 85906/86400>
The skip_table table uses one of the following formats.
In the case of manual IPSec:
<0, source IP address, 0, destination IP address; shared secret key; time left/total time>
In the case of SKIP:
<NSID value of source, source IP address, NSID value of destination, destination IP address; shared secret key; time left/total time>
Refer to The NSID values table above for descriptions of the possible NSID values.
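The skip_key_requests and skip_table entry formats above can be decoded mechanically. The following is an added example, not part of the original guide: it parses both formats and masks the shared secret by default so that a table dump can be passed around during troubleshooting. It assumes each key field is a hexadecimal 32-bit value with IP addresses in network byte order; parse_entry and its redact parameter are hypothetical names.

```python
import ipaddress

# NSID values as listed in the table on this page.
NSID_NAMES = {0: "None", 1: "IP", 8: "MD5"}

# Example entries copied from this page.
SAMPLES = {
    "skip_key_requests": "<00000000, c0a80c1f, 00000000, c073cd1c; 59/60>",
    "skip_table": "<00000000, c7cb4704, 00000000, ce56230b; fc449da8; 85906/86400>",
}


def parse_entry(line, redact=True):
    """Parse one skip_key_requests or skip_table entry (hypothetical helper)."""
    body = line.strip()
    if not (body.startswith("<") and body.endswith(">")):
        raise ValueError("entry must be enclosed in < >")
    parts = [p.strip() for p in body[1:-1].split(";")]
    if len(parts) not in (2, 3):
        raise ValueError("expected '<keys; [secret;] left/total>'")
    fields = [f.strip() for f in parts[0].split(",")]
    if len(fields) != 4:
        raise ValueError("expected NSID, IP, NSID, IP")
    # Assumption: every key field is printed as a hexadecimal 32-bit value.
    src_nsid, src_ip, dst_nsid, dst_ip = (int(f, 16) for f in fields)
    left, total = (int(n) for n in parts[-1].split("/"))
    entry = {
        "src_nsid": NSID_NAMES.get(src_nsid, f"unknown ({src_nsid})"),
        "src_ip": str(ipaddress.IPv4Address(src_ip)),
        "dst_nsid": NSID_NAMES.get(dst_nsid, f"unknown ({dst_nsid})"),
        "dst_ip": str(ipaddress.IPv4Address(dst_ip)),
        # Both NSIDs zero is the layout the page gives for manual IPSec.
        "matches_manual_ipsec_format": src_nsid == 0 and dst_nsid == 0,
        "time_left": left,
        "time_total": total,
    }
    if len(parts) == 3:
        # skip_table carries the shared secret; mask it unless asked not to.
        entry["shared_secret"] = "<redacted>" if redact else parts[1]
    return entry


if __name__ == "__main__":
    for table, line in SAMPLES.items():
        print(table, parse_entry(line))
```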
skip_keyid table
When using SKIP encryption, the pointer to the encryption key in the connections table is actually an entry in
the skip_keyid table. The skip_keyid table entry is a pointer to the actual key.
Example
attributes: refresh, expires 3600, free function 4233988200 0
<ce56230b, 02010300; fc98ac10; 3106/3600>