show security ipsec sa

Syntax: show security ipsec sa
        show security ike sa detail

Release Information: Command introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.

Description: Display information about the IPsec security association (SA).

Required Privilege Level: view

Related Documentation:
• ipsec on page 194

List of Sample Output:
show security ipsec sa on page 207
show security ipsec sa detail on page 207

Output Fields: Table 28 on page 204 lists the output fields for the show security ipsec sa command and Table 29 on page 205 lists the output fields for the show security ipsec sa detail command. Output fields are listed in the approximate order in which they appear.

Table 28: show security ipsec sa Output Fields

Field Name            Field Description

Total active tunnels  Total number of active IPsec tunnels.

ID                    Index number of the SA. You can use this number to get
                      additional information about the SA.

Algorithm             Cryptography used to secure exchanges between peers during
                      the IKE Phase 2 negotiations includes:
                      • An authentication algorithm used to authenticate
                        exchanges between the peers. Options are hmac-md5-96,
                        hmac-sha-256-128, or hmac-sha1-96.
                      • An encryption algorithm used to encrypt data traffic.
                        Options are 3des-cbc, aes-128-cbc, aes-192-cbc,
                        aes-256-cbc, or des-cbc.

SPI                   Security parameter index (SPI) identifier. An SA is
                      uniquely identified by an SPI. Each entry includes the
                      name of the VPN, the remote gateway address, the SPIs for
                      each direction, the encryption and authentication
                      algorithms, and keys. The peer gateways each have two SAs,
                      one resulting from each of the two phases of negotiation:
                      Phase 1 and Phase 2.

Life:sec/kb           The lifetime of the SA, after which it expires, expressed
                      either in seconds or kilobytes.

Mon                   The Mon field refers to VPN monitoring status. If VPN
                      monitoring is enabled, then this field displays U (up) or
                      D (down). A hyphen (-) means VPN monitoring is not enabled
                      for this SA. A V means that IPsec datapath verification is
                      in progress.
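
An added example, not from the Juniper guide: a Python check that reads the Algorithm and Mon columns described in Table 28 and flags SAs negotiated with des-cbc, 3des-cbc or hmac-md5-96 (which RFC 8221 marks as MUST NOT or SHOULD NOT for ESP) or whose VPN monitor shows D. The sample rows, their column layout and the function name audit_sa_table are assumptions made for illustration, not captured device output.

```python
import re

# Options listed in Table 28 that RFC 8221 deprecates for ESP.
WEAK_ENC = {"des-cbc", "3des-cbc"}
WEAK_AUTH = {"hmac-md5-96"}

# Constructed sample, not real device output. Assumed layout: whitespace-
# separated columns in Table 28 order (ID, Algorithm, SPI, Life:sec/kb, Mon),
# with Algorithm written as "<encryption>/<authentication>".
SAMPLE = """\
Total active tunnels: 3
ID      Algorithm                     SPI       Life:sec/kb   Mon
131073  aes-256-cbc/hmac-sha-256-128  7a1c03e2  3012/4608000  U
131074  3des-cbc/hmac-sha1-96         0b44d9aa  1800/unlim    -
131075  des-cbc/hmac-md5-96           5e20c417  2950/unlim    D
"""

ROW = re.compile(
    r"^(?P<id>\d+)\s+(?P<enc>[\w-]+)/(?P<auth>[\w-]+)\s+"
    r"(?P<spi>[0-9a-fA-F]+)\s+(?P<sec>\d+)/(?P<kb>\S+)\s+(?P<mon>[UDV-])$"
)

def audit_sa_table(text):
    """Return {SA ID: [findings]} for rows that use a deprecated algorithm
    or whose VPN monitoring status is D (down). Clean rows are omitted."""
    report = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, total line, or a layout this sketch does not know
        findings = []
        if m["enc"] in WEAK_ENC:
            findings.append(f"weak encryption: {m['enc']}")
        if m["auth"] in WEAK_AUTH:
            findings.append(f"weak authentication: {m['auth']}")
        if m["mon"] == "D":
            findings.append("VPN monitoring down")
        if findings:
            report[m["id"]] = findings
    return report

if __name__ == "__main__":
    for sa_id, findings in audit_sa_table(SAMPLE).items():
        print(sa_id, "; ".join(findings))
```

A hyphen in the Mon column is not reported here because it only means monitoring is not enabled for that SA.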
Copyright © 2017, Juniper Networks, Inc.
JDM User Guide for NFX250 Network Services Platform