Manualshelf

Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS
161162163164165166167168169170
Appendix A: State Tables for VPN-1/FireWall-1 4.0 VPN tables
Advanced Technical Reference Guide 4.1 June 2000 156
The skip_keyid table uses the following format:
<destination IP address, encryption methods; pointer to key; time left/total time>
The encryption methods field contains eight hexadecimal digits that should be interpreted as four bytes of the
form ghij. Descriptions of each of these bytes are as follows:
Byte Description (depends on encryption edition (see below)
g Key encryption method
h Data encryption method
I Data Integrity method
jAlways00
Each of these bytes may contain the following values:
For VPN+STRONG editions: 0- 3DES, 1- CAST, 2 – RC4-128, 3- DES, 4 – DES-IV32, 5 – RC4-40, 6-
RC2-40, 7- DES-40CP, 8- CAST-40, 9- CLEAR
For VPN+DES editions: 0– 3DES, 1- DES, 2 – DES-IV32, 3 – RC4-40, 4- RC2-40, 5- DES-40CP, 6-
CAST-40, 7- CLEAR
For VPN editions: 0- DES, 1 – RC4-40, 2- RC2-40, 3- DES-40CP, 4- CAST-40, 5- CLEAR
For 40Bit editions: 0 – RC4-40, 1- RC2-40, 2- DES-40CP, 3- CAST-40, 4- CLEAR
IKE tables
ISAKMP_ESP_table table
Information about this table will be available in the next update to this document.
ISAKMP_AH_table table
Information about this table will be available in the next update to this document.
IPSec tables
manual_table table
The manual_table table is the same as the skip_keyid table, only applied to manual IPSec.
Example
attributes: refresh, expires 86400, expcall 4233974528 0
<00000000, 00000101; fc961eb8; 83039/86400>
The manual_table table uses the following format:
<0, SPI; pointer to key; time left/total time>
SPI is the IPSec Security Parameters Index – the index of the Security Association used to encrypt/decrypt a
datagram.
SA_requests table
Information about this table will be available in the next update to this document.