zERT IPSec Session Attributes

Use the zERT IPSec Session Data attributes to monitor all zERT IPSec sessions.

Origin Node Unique identifier for the TCP/IP stack being displayed.

System ID The SMF system ID. The format is a text string no longer than 4 characters.

TCPIP STC Name The jobname of the TCP/IP address space.

Sysplex Name The name of the sysplex that the monitored system is part of. The format is a text string no longer than 8 characters.

Collection Time The time and date of data sampling.

User ID The z/OS user ID associated with the socket.

Application Name The jobname associated with the application address space that opened and bound the socket associated with the security session.

IP Protocol The IP Protocol for the security session. The format is an unsigned integer that can have the following values:
6 - TCP
17 - UDP

Port Range Start The starting value for the server port range. The format is an unsigned integer.

Port Range End The ending value for the server port range. The format is an unsigned integer.

Client IP Address The client IP address. The format is a text string no longer than 45 characters.

Server IP Address The server IP address. The format is a text string no longer than 45 characters.

Session ID Session identifier that uniquely identifies a security session based on the server and client endpoints plus the significant security attributes for the session. The format is a text string no longer than 42 characters.

IKE Major Version Major version of the IKE protocol in use. The format is an unsigned integer.

IKE Minor Version Minor version of the IKE protocol in use. The format is an unsigned integer.

IKE Tunnel Local Auth The authentication method for the local endpoint. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA_signature
Preshared_key=3
ECDSA-256_signature=4
ECDSA-384_signature=5
ECDSA-521_signature=6
Digital_signature=7
IKE Tunnel Remote Auth The authentication method for the remote endpoint. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA_signature
Preshared_key=3
ECDSA-256_signature=4
ECDSA-384_signature=5
ECDSA-521_signature=6
Digital_signature=7
IKE Tunnel Auth Alg The Tunnel authentication algorithm. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
MD2=2
HMAC-MD5=3
HMAC-SHA1=4
HMAC-SHA2-224=5
HMAC-SHA2-256=6
HMAC-SHA2-384=7
HMAC-SHA2-512=8
AES-GMAC-128=9
AES-GMAC-256=10
AES-128-XCBC-96=11
HMAC-SHA2-256-128=12
HMAC-SHA2-384-192=13
HMAC-SHA2-512-256=14
HMAC-MD5-96=15
HMAC-SHA1-96=16
UMAC-64=17
UMAC-128=18
RIPEMD-160=19
IKE Tunnel Encryption The Tunnel encryption algorithm. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
DES=2
DES_40=3
3DES=4
RC2_40=5
RC2_128=6
RC2=7
RC4_40=8
RC4_128=9
RC4_256=10
RC4=11
AES_CBC_128=12
AES_CBC_192=13
AES_CBC_256=14
AES_CTR_128=15
AES_CTR_192=16
AES_CTR_256=17
AES_GCM 128=18
AES_GCM_256=19
AES_CCM_128=20
AES_CCM_256=21
AES_CCM8_128=22
AES_CCM8_256=23
AES_256=24
Blowfish=25
Blowfish_CBC=26
CAST_128_CBC=27
ARCFOUR_128=28
ARCFOUR_256=29
ARCFOUR=30
Rijndael_CBC=31
ACSS=32
ARIA_128_CBC=33
ARIA_256_CBC=34
ARIA_128_GCM=35
ARIA_256_GCM=36
Camellia_128_CBC=37
Camellia_256_CBC=38
Camellia_128_GCM=39
Camellia_256_GCM=40
ChaCha20_Poly1305=41
IDEA_CBC=42
SEED_CBC=43
Fortezza=44
GOST28147=45
TwoFish_CBC_256=46
TwoFish_CBC=47
TwoFish_CBC_192=48
TwoFish_CBC_128=49
Serpent_CBC_256=50
Serpent_CBC_192=51
Serpent_CBC_128=52
IKE Tunnel DH Group The Diffie-Hellman group used to generate the keyring material for this IKE tunnel. The format is an unsigned integer that can have the following values:
Unknown_or_manual=0
Group1=1
Group2=2
Group5=5
Group14=14
Group19=19
Group20=20
Group21=21
Group24=24
No_DH_group=255
IKE Tunnel Pseudo Random The pseudo-random function that is used for seeding keyring material for this IKE tunnel. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
HMAC-SHA2-256=2
HMAC-SHA2-384=3
HMAC-SHA2-512=4
AES-128-XCBC=5
HMAC-MD5=6
HMAC-SHA1=7
Local Certificate Signature The local IKE certificate signature method. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA_with_MD2=2
RSA_with_MD5=3
RSA_with_SHA1=4
DSA_with_SHA1=5
RSA_with_SHA-224=6
RSA_with_SHA-256=7
RSA_with_SHA-384=8
RSA_with_SHA-512=9
ECDSA_with_SHA1=10
ECDSA_with_SHA-224=11
ECDSA_with_SHA-256=12
ECDSA_with_SHA-384=13
ECDSA_with_SHA-512=14
DSA_with_SHA-224=15
DSA_with_SHA-256=16
RSA_PSS_RSAE_with_SHA-256=17
RSA_PSS_RSAE_with_SHA-384=18
RSA_PSS_RSAE_with_SHA-512=19
ED_25519=20
ED_448=21
RSA_PSS_PSS_with_SHA-256=22
RSA_PSS_PSS_with_SHA-384=23
RSA_PSS_PSS_with_SHA-512=24
Local Certificate Encryption The local IKE certificate encryption method. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
ECDSA=4
Local Certificate Digest The local IKE certificate digest algorithm. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
MD2=2
MD5=3
SHA1=4
SHA-224=5
SHA-256=6
SHA-384=7
SHA-512=8
Local Certificate Key The local IKE certificate key type. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
DH=4
ECC=5

Local Certificate Key Length The local IKE certificate key length. The format is an unsigned integer.

Remote Certificate Signature The remote IKE certificate signature method. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA_with_MD2=2
RSA_with_MD5=3
RSA_with_SHA1=4
DSA_with_SHA1=5
RSA_with_SHA-224=6
RSA_with_SHA-256=7
RSA_with_SHA-384=8
RSA_with_SHA-512=9
ECDSA_with_SHA1=10
ECDSA_with_SHA-224=11
ECDSA_with_SHA-256=12
ECDSA_with_SHA-384=13
ECDSA_with_SHA-512=14
DSA_with_SHA-224=15
DSA_with_SHA-256=16
RSA_PSS_RSAE_with_SHA-256=17
RSA_PSS_RSAE_with_SHA-384=18
RSA_PSS_RSAE_with_SHA-512=19
ED_25519=20
ED_448=21
RSA_PSS_PSS_with_SHA-256=22
RSA_PSS_PSS_with_SHA-384=23
RSA_PSS_PSS_with_SHA-512=24
Remote Certificate Encryption The remote IKE certificate encryption method. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
ECDSA=4
Remote Certificate Digest The remote IKE certificate digest algorithm. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
MD2=2
MD5=3
SHA1=4
SHA-224=5
SHA-256=6
SHA-384=7
SHA-512=8
Remote Certificate Key The remote IKE certificate key type. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
DH=4
ECC=5

Remote Certificate Key Length The remote IKE certificate key length. The format is an unsigned integer.

IKE Tunnel DH PFSGRP The Diffie-Hellman group used for perfect forward secrecy. The format is an unsigned integer that can have the following values:
Unknown_or_manual=0
Group1=1
Group2=2
Group5=5
Group14=14
Group19=19
Group20=20
Group21=21
Group24=24
No_DH_group=255
IKE Tunnel ENCAP MODE The IKE Tunnel encapsulation mode. The format is an unsigned integer that can have the following values:
Unknown=0
Tunnel_Mode=1
Transport_Mode=2
IKE Tunnel MSG AUTH The IKE Tunnel message authentication protocol. The format is an unsigned integer that can have the following values:
Unknown=0
ESP=50
AH=51
IKE Tunnel Auth Alg2 The IKE Tunnel authentication algorithm for IKE phase 2. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
MD2=2
HMAC-MD5=3
HMAC-SHA1=4
HMAC-SHA2-224=5
HMAC-SHA2-256=6
HMAC-SHA2-384=7
HMAC-SHA2-512=8
AES-GMAC-128=9
AES-GMAC-256=10
AES-128-XCBC-96=11
HMAC-SHA2-256-128=12
HMAC-SHA2-384-192=13
HMAC-SHA2-512-256=14
HMAC-MD5-96=15
HMAC-SHA1-96=16
UMAC-64=17
UMAC-128=18
RIPEMD-160=19
IKE Tunnel Encryption2 The IKE Tunnel encryption algorithm for IKE phase 2. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
DES=2
DES_40=3
3DES=4
RC2_40=5
RC2_128=6
RC2=7
RC4_40=8
RC4_128=9
RC4_256=10
RC4=11
AES_CBC_128=12
AES_CBC_192=13
AES_CBC_256=14
AES_CTR_128=15
AES_CTR_192=16
AES_CTR_256=17
AES_GCM 128=18
AES_GCM_256=19
AES_CCM_128=20
AES_CCM_256=21
AES_CCM8_128=22
AES_CCM8_256=23
AES_256=24
Blowfish=25
Blowfish_CBC=26
CAST_128_CBC=27
ARCFOUR_128=28
ARCFOUR_256=29
ARCFOUR=30
Rijndael_CBC=31
ACSS=32
ARIA_128_CBC=33
ARIA_256_CBC=34
ARIA_128_GCM=35
ARIA_256_GCM=36
Camellia_128_CBC=37
Camellia_256_CBC=38
Camellia_128_GCM=39
Camellia_256_GCM=40
ChaCha20_Poly1305=41
IDEA_CBC=42
SEED_CBC=43
Fortezza=44
GOST28147=45
TwoFish_CBC_256=46
TwoFish_CBC=47
TwoFish_CBC_192=48
TwoFish_CBC_128=49
Serpent_CBC_256=50
Serpent_CBC_192=51
Serpent_CBC_128=52

IKE Tunnel Local IP The Local IP address of tunnel endpoint. The format is a text string of up to 45 characters.

IKE Tunnel Remote IP The Remote IP address of tunnel endpoint. The format is a text string of up to 45 characters.