The VPN Member Activity window displays the real-time activity of a selected VPN member and its associated VPN tunnel connections for IP or the Internetwork Packet ExchangeTM (IPXTM) software.
There are two ways to display the VPN activity. If you select a slave server, both methods have the same capabilities: 1) From the VPN tab, and 2) From the Tools menu. If you select a slave server, both methods have the same capabilities. If you select the VPN master server, the first enables you to view connection information from the perspective of any VPN member, while the second enables you to view connection information only from the perspective of the master server.
IMPORTANT: To view the activity of any VPN server that is also a member of another VPN, you must go to the VPN server in your local VPN that is directly connected to that server.
Displaying the VPN Activity from the VPN Tab
To display the VPN activity using the first method, complete the following steps:
In NetWare Administrator, double-click a VPN server and select the Novell BorderManager 3.7 Setup page.
Click the VPN tab.
Double-click Master Site-to-Site or Slave Site-to-Site under Enable Service.
Click Status.
For the master server, the screen displays the VPN's synchronization status, the progress of the master server updating all slave servers with the current VPN topology and encryption information. A server's synchronization status can assume one of the following states:
Up-to-Date---The server has been configured with the latest topology and encryption information. This state does not indicate that the server's VPN tunnel connections are up. Use the Activity display to determine the status of the VPN tunnel connections.
Being Configured---The server has not received the newest topology and encryption information from the master server.
Being Removed---The server is being removed from the VPN.
NOTE: Any server state that remains at Being Configured or Being Removed for an extended period of time indicates a problem with the master server's ability to communicate with that VPN member. If a VPN member has been removed from the VPN, its state will remain at Being Removed as long as the master server cannot communicate with it. You can remove the VPN member from the Synchronization Status list by clicking Free VPN Member. For all other cases, view the audit log to troubleshoot the problem.
If you are viewing the status from the master server, click a VPN server.
Click Activity.
To check the activity between the selected VPN member and an associated connection, click the name of the associated connection in the Associated Connections window.
This updates the IPX Associated Connection Details and the IP Associated Connection Details windows, and reflects the VPN tunnel activity information for this VPN member.
To see the latest activity information, click Update.
This updates the VPN Associated Connections window with the latest activity information. The monitor is automatically updated every 10 seconds.
Displaying VPN Activity from the Tools Menu
To display VPN activity only from the perspective of the server that you select, complete the following steps:
In NetWare Administrator, click the VPN server from whose perspective you want to view the activity information.
Select Novell BorderManager 3.7 from the Tools menu to open the Novell BorderManager 3.7 window.
Right-click Virtual Private Network and select View Member Activity/Log from the menu of options to view the VPN Activity window.
The VPN Activity Window
The following information is contained in the VPN Activity window:
VPN Associated Connections---Displays the real-time activity of the currently selected VPN member and all associated VPN tunnel connections for either protocol (IPX or IP). The activity arrows are defined as follows:
Green Up-arrow---The encryption tunnel is currently active between the selected VPN member and the associated connection. This arrow indicates that packets have been received within the last 35 seconds.
Light Blue Up-arrow---The encryption tunnel is currently active and packets have been received from 35 to 70 seconds earlier.
Yellow Up-arrow---The encryption tunnel is currently active and packets have been received at one time, but not in the last 70 seconds.
Magenta Up-arrow---The tunnel connection was previously established and packets were received, but the connection is currently unattached.
Red Up-arrow---The encryption tunnel is in the process of being established.
Red Down-arrow---The encryption tunnel is currently down between the selected VPN member and the associated connection. This arrow indicates that no packets were ever received. Check the audit log for both VPN members to determine why this encryption tunnel is down.
To view the activity between the selected VPN member and a particular associated connection, click the associated VPN member name in the VPN Associated Connections list. The IPX Associated Connection Details and the IP Associated Connection Details windows are updated to reflect the VPN tunnel activity information for this VPN member.
VPN Tunnel Global Details---Displays the following global VPN connection information for the selected VPN member:
Tunnel Status---Whether the VPN tunnel is currently loaded or unloaded.
Tunnel Time Active---How long the VPN tunnel has been active.
Successful Client Connects---Total number of times a successful connection was made with a VPN client.
Failed Client Connects---Total number of times an attempt to make a connection with a VPN client failed.
IPX Packets Sent---Total number of encrypted IPX packets sent to all VPN members.
IPX Packets Received---Total number of encrypted IPX packets received from all VPN members.
IP Packets Sent---Total number of encrypted IP packets sent to all VPN members.
IP Packets Received---Total number of encrypted IP packets received from all VPN members.
Total Packets Sent---Total number of IPX and IP packets sent to all VPN members.
Total Packets Received---Total number of IPX and IP packets received from all VPN members.
Total Bytes Sent---Total number of bytes sent to all VPN members.
Total Bytes Received---Total number of bytes received from all VPN members.
Total Sent Packets Discarded---Total number of outgoing IPX and IP packets discarded.
Total Receive Packets Discarded---Total number of incoming IPX and IP packets discarded.
Associated Connection Details---Displays the following information about the tunnel connection between the selected VPN member and the associated VPN member:
Associated Connection---Associated VPN member's server name.
Associated Address---Associated VPN member's IP address. This is the configured public IP address.
Time to Disconnect---Amount of time left before the Disconnect Timeout expires and the VPN tunnel is disconnected if the connection remains inactive.
Send Key Changes---Number of times the outgoing data encryption key was changed.
Receive Key Changes---Number of times the incoming data encryption key was changed.
Total Bytes Sent---Number of bytes of encrypted IPX data sent to the associated VPN member.
Total Bytes Received---Number of bytes of encrypted IPX data received from the associated VPN member.
Sent Packets Discarded---Number of IPX and IP packets sent to the associated VPN member that were discarded.
Receive Packets Discarded---Number of IPX and IP packets received from the associated VPN member that were discarded.
IPX Associated Connection Details---Displays the following information about the IPX tunnel connection between the selected VPN member and the associated VPN member:
Connection State---Current connection state with the associated VPN member. The connection states are defined as follows:
Established---The connection has been established and packets have been sent and received.
Pending---A call has been made, but no packets have been received from that member.
Unattached---The connection has not been made or the WAN call terminated after the connection was established.
Call Direction---Call direction for the associated VPN member. The call directions are defined as follows:
Outgoing---For this connection, the selected VPN member initiated the call.
Incoming---For this connection, the associated VPN member initiated the call.
Time Active---Total amount of time this VPN tunnel connection has been active.
Packets Sent---Number of encrypted IPX packets sent to the associated VPN member.
Packets Received---Number of encrypted IPX packets received from the associated VPN member.
IP Associated Connection Details---Displays the following information about the IP tunnel connection between the selected VPN member and the associated VPN member:
Connection State---Current connection state for the associated VPN member. The connection states are defined as follows:
Established---The connection has been established and packets have been sent and received.
Pending---A call has been made, but no packets have been received from that member.
Unattached---The connection has not been made or the WAN call terminated after the connection was established.
Call Direction---Call direction for the associated VPN member. The call directions are defined as follows:
Outgoing---For this connection, the selected VPN member initiated the call.
Incoming---For this connection, the associated VPN member initiated the call.
Time Active---Total amount of time this VPN tunnel connection has been active.
Packets Sent---Number of encrypted IP packets sent to the associated VPN member.
Packets Received---Number of encrypted IP packets received from the associated VPN member.
To view the latest activity information, click Update. The VPN Associated Connections window is refreshed with the latest activity information. The monitor automatically refreshes every 10 seconds.
The Security Window
To view the encryption and authentication key parameters, click Security. The following information is contained in the Security window:
Global Packets Per Key Change---Number of packets sent or received that will cause the data encryption key to change.
Key Management---Protocol used for key management. Currently, only SKIP is supported.
Send Encryption Type---Outgoing data encryption algorithm used.
Receive Encryption Type---Incoming data encryption algorithm used.
Encryption Send Key Size---Outgoing data encryption key length in bits.
Encryption Receive Key Size---Incoming data encryption key length in bits.
Send Authentication Type---Outgoing data authentication algorithm used.
Receive Authentication Type---Incoming data authentication algorithm used.
Authentication Send Key Size---Outgoing data authentication key length in bits.
Authentication Receive Key Size---Incoming data authentication key length in bits.
