Checking the VPN Real-Time Monitor
The VPN real-time monitor page displays the information of a selected VPN member and its associated VPN connections.
In the NRM VPN view status menu (see VPN View Status) click the Real Time Monitor link for a selected member to display a page with the following information:.
Figure 72Connection Information for the Selected Member
This page provides detailed real-time information of the list of members and clients connected to the selected member.
Connected Node: These are the IP addresses of the listed clients and members. They are links to detailed information for each of them. The addresses in the brackets are unique IP addresses assigned by the VPN gateway.
Connection Name: For servers, the connection name is the VPN name of the server. For clients, the connection name is as follows:
- For the Novell BorderManager 3.8 client, when the key management type is IKE the connection name is either the certificate subject name if user connects in certificate mode (for example o=novell, CN=admin), the eDirectory/NDS FDN username if the user is an NMAS user (for example admin.novell), or the LDAP FDN username if the user is an LDAP user (for example CN=admin).
- For any earlier version of the BorderManager client or Novell BorderManager 3.8 client in backward compatibility mode, the connection name is the eDirectory/NDS FDN username (for example admin.novell).
Key Management Type: The key management type of the connections could be IKE or SKIP. If the connections are behind NAT, the key management type is NATed IKE or NATed SKIP. If the key management is Unknown Type, it indicates that the connection with the associated member is lost. There is no IKE SA, but the server is still configured as a slave to the site-to-site network.
Connection Type: The connections could be VPN servers (master or slave) or clients.
Page Refresh Interval: The Page Refresh Interval is an editable field and can be used to alter the refresh interval. The minimum limit here is 10 seconds.
If the real-time monitor page shows a connection as type Server with the key management type as unknown, the server might be configured as a site-to-site member of the network but there might not be any active connection between the two servers.
Figure 73Detailed Information for a SKIP Connection
Figure 74 Detailed Information for an IKE Connection
IKE key management parameters like encryption algorithm, authentication algorithm, and authentication method (Certificate/Pre-shared key/NMAS) are displayed here.
Active Policies: The policies displayed in the lower box on the page are active traffic rules enforced for a connection. Click a traffic rule to see the packets passed because of this traffic rule. If a traffic rule is configured as Deny it won't be displayed here. If the same policy is displayed twice, one of the policies is about to expire and a new SA is being negotiated. The algorithm shown here is used to protect the data traffic.
Figure 75Policy Statistics for an Active Traffic Rule
