Table 28: show security ipsec sa Output Fields (continued)

| Field Name | Field Description |
|---|---|
| lsys | The root system. |
| Port | If Network Address Translation (NAT) is used, this value is 4500. Otherwise, it is the standard IKE port, 500. |
| Gateway | Gateway address of the system. |
Table 29: show security ipsec sa detail Output Fields

| Field Name | Field Description |
|---|---|
| ID | Index number of the SA. You can use this number to get additional information about the SA. |
| Virtual-system | The virtual system name. |
| VPN Name | IPSec name for VPN. |
| Local Gateway | Gateway address of the local system. |
| Remote Gateway | Gateway address of the remote system. |
| Traffic Selector Name | Name of the traffic selector. |
| Local Identity | Identity of the local peer so that its partner destination gateway can communicate with it. The value is specified as an IP address, fully qualified domain name, e-mail address, or distinguished name (DN). |
| Remote Identity | IP address of the destination peer gateway. |
| Version | IKE version. For example, IKEv1, IKEv2. |
| DF-bit | State of the don't fragment bit: set or cleared. |
| Bind-interface | The tunnel interface to which the route-based VPN is bound. |
| Tunnel Events | |
| Direction | Direction of the SA; it can be inbound or outbound. |
| AUX-SPI | Value of the auxiliary security parameter index (SPI). When the value is AH or ESP, AUX-SPI is always 0. When the value is AH+ESP, AUX-SPI is always a positive integer. |
| VPN Monitoring | If VPN monitoring is enabled, then the Mon field displays U (up) or D (down). A hyphen (-) means VPN monitoring is not enabled for this SA. A V means that IPSec datapath verification is in progress. |
Copyright © 2017, Juniper Networks, Inc.
Chapter 9: IPSec-NM Configuration Statements and Operational Commands