| cry-ace-rule-data |
v4-ext-ace-rule |
ACL entry parameters used for matching |
| crypto-ace-oper-data |
match-counter |
ACE operational data |
| crypto-acl |
group-name dwnld-acl-entry |
A list of access-list-entry(ACE) |
| crypto-acl-entry |
rule-name ace-data acl-rules |
Entry representing ACE list entry |
| crypto-acl-port |
port-option-choice |
Port configuration for the protocol |
| crypto-acl-port-data |
port-oper port |
ACL entry port configuration data |
| crypto-acl-protocol |
proto-choice |
Protocol to match packets |
| crypto-acl-v4-address |
v4-address-choice |
IPv4 address to be matched in this position |
| crypto-acl-v4-address-wildcard |
address wildcard |
IPv4 network address and wildcard |
| crypto-acl-v4-extended-ace-data |
action proto src-addr src-port dest-addr dest-port |
IPv4 ACE data |
| crypto-cerm-client-info-entry |
voice ipsec sslvpn |
Client Related Information |
| crypto-cerm-info-entry |
enabled resource-info resv-info stats-info |
Crypto Export Restriction Information |
| crypto-cerm-resource-info-entry |
ipsec-tunnels tls-sessions |
Tunnel based Resource Info |
| crypto-cerm-resv-entry |
tunnels tls-sessions |
Dynamic Client Resource reservation info |
| crypto-cerm-stats-entry |
failed-tunnels failed-sessions |
Statistics Information |
| crypto-cerm-tunnels-entry |
maximum available |
Details on Number of Resource Entries |
| crypto-cmd-stats-entry |
cmd-type num-request num-reply-ok num-reply-error num-abort total-time |
Crypto Policy Abstraction Layer (PAL) Command Statistics |
| crypto-database-stats-entry |
dbase-type num-add num-delete num-abort |
Crypto Policy Abstraction Layer (PAL) Database Statistics |
| crypto-gdoi-gm-entry |
group-name sa-dir acl-rcvd gm-entry |
Crypto GDOI GM Information |
| crypto-gdoi-gm-rekey-entry |
group-name transport-type total-rekeys-rcv rekeys-rcv-after-reg rekey-acks-sent |
Crypto GDOI GM Rekey Information |
| crypto-gdoi-gm-replay-entry |
group-name time-based-replay replay-value input-pkts output-pkts input-error-pkts output-error-pkts time-sync-error max-time-delta |
Crypto GDOI GM Replay Information |
| crypto-gdoi-gm-stats-entry |
group-name pkts-encrypt pkts-decrypt pkts-tagged pkts-untagged pkts-no-sa pkts-invalid-sa pkts-encaps-fail pkts-decap-fail pkts-invalid-prot pkts-verify-fail pkts-not-tagged pkts-not-untagged pkts-internal-err-send pkts-internal-err-rcv |
Crypto GDOI GM(Group Member) Dataplane Stats |
| crypto-gdoi-ipsec-sa |
ipsec-sa-num tek-birth-time tek-lifetime rem-tek-lifetime rem-time-tek-rekey |
Crypto GDOI IPSec SA Information |
| crypto-gdoi-kek |
rekey-transport-type kek-spi mgmt-alg encr-alg crypto-iv-len key-size orig-life kek-birth-time rem-life time-to-rekey sig-hash-alg sig-key-len sig-size sig-key-name rekey-ack-type |
Crypto GDOI KEK policy |
| crypto-gdoi-ks-coop-entry |
group-name redundancy local-ks peer-ks |
Crypto GDOI KS COOP Information |
| crypto-gdoi-ks-entry |
group-name group-id re-auth group-type gikev2-prof total-mem gdoi-mem gikev2-mem rekey-ack sa-dir ipd3p-window pfs sp-resil-factor redundancy ks-addr priority status role version |
Crypto GDOI Group Information |
| crypto-gdoi-ks-mem-entry |
group-name group-id tot-group-mem num-rekeys-sent num-rexmit duration ks-entry gm-entry |
Crypto GDOI KS members Information |
| crypto-gdoi-ks-policy |
group-name ks-entry |
Crypto GDOI KS policy Information |
| crypto-gdoi-ks-replay-entry |
group-name time-based-replay replay-value rem-sync-time last-sync-timestamp |
Crypto GDOI KS Replay Information |
| crypto-gdoi-rekey-sa |
group-name kek-db-stats kek-entry |
Crypto GDOI Rekey SA Information |
| crypto-gdoi-tek |
encaps-mode tek-spi acl transform-mode alg-key-size sig-key-size orig-life tek-birth-time rem-life override-life anti-replay-window time-to-rekey |
Crypto GDOI TEK policy |
| crypto-ike-sa-data |
sa-id sa-status local-ip-addr local-port remote-ip-addr remote-port dh-group init-spi resp-spi ivrf fvrf lifetime hash-algo encr-alg my-auth-method peer-auth-method |
Crypto IKE Security Association Data |
| crypto-ikev1-sa-entry |
sa-id sa-data |
Crypto IKEV1 Security association Entry |
| crypto-ikev2-sa-entry |
sa-id sa-data |
Crypto IKEV2 Security Association Entry |
| crypto-ipsec-ident-data |
protected-vrf local-ident-addr local-ident-mask local-ident-protocol remote-ident-addr remote-ident-mask remote-ident-protocol plaintext-mtu local-endpt-addr remote-endpt-addr dh-group inbound-esp-sa inbound-ah-sa inbound-pcp-sa outbound-esp-sa outbound-ah-sa outbound-pcp-sa |
Crypto IPSEC Identity Data |
| crypto-ipsec-ident-entry |
interface ident-data |
Crypto IPSEC Identity Entry |
| crypto-ipsec-policy-stats-entry |
notify-stats cmd-stats dbase-stats |
Crypto Policy Stats Information |
| crypto-ipsec-sa-entry |
spi dir protocol flow-id sa-status transform-set |
Crypto IPSEC SA entry |
| crypto-ks-rekey-entry |
group-name rekey-ack rekey-in-progress rekeys-sent rekeys-rexmit kek-lifetime kek-birth-time kek-rem-life rem-time-kek-rekey rexmit-period num-rexmit cur-rexmit ipsec-sa delete-in-progress |
Crypto KS Rekey information |
| crypto-notify-stats-entry |
notification-type num-received num-completed num-rcv-error num-rcv-ignore |
Crypto Policy Abstraction Layer (PAL) Notification Statistics |
| gdoi-gm-entry |
group-name local-addr remote-addr vrf-enabled vrf-name gm-ver gm-state prev-reg-time secs-to-re-reg succ-reg att-reg last-rekey-from-ks last-rekey-seq-num last-rekey-time rekeys-rcvd rekey-acks-sent pfs-rekeys dp-error dp-interval dp-reg num-ipsec-init-reg-exec num-ipsec-init-reg-ppnd active-tek-count sa-track sa-track-oid sa-track-is-up fail-close-revert ks-policy-removal-time |
Entry for each GM Information |
| kek-sa-db-stats |
num-active num-malloc num-free |
Database statistics of KEK SA (Security Association) |
| ks-mem-gm-entry |
gm-number gm-id gm-ver group-type gm-state ks-id rekeys-sent rekey-retries rekey-acks-rcvd rekey-acks-missed |
Entry for each Group Member |
| ks-mem-ks-entry |
ks-ip gmdb-state group-mem |
Crypto GDOI KS Information |
| ks-policy-ks-entry |
ks-ip total-tek seq-num valid-kek kek tek |
Crypto GDOI KS policy of each KS |
| local-coop-ks |
ks-addr priority role status version coop-version coop-refresh-time anti-replay-seq-num |
Crypto GDOI Local Key server Information |
| peer-coop-ks |
ks-addr priority role status version coop-version anti-replay-seq-num ike-status ann-msgs-sent reply-req-sent ann-msgs-rcv reply-req-rcv pkts-sent-drops pkts-rcv-drops bytes-sent bytes-rcv |
Crypto GDOI Peer Key server Information |
| rekey-sa-kek |
transport-type local-addr remote-addr kek-spi mgmt-alg encr-alg crypto-iv-len key-size birth-time orig-life sig-hash-alg sig-key-len sig-size rekey-ack-type ikev1-conn-id ikev2-conn-id seq-num prev-seq-num ike-handle gm-mode if-name |
Crypto GDOI Rekey SA KEK Information |