Sample Output
show security ipsec sa
user@jdm> show security ipsec sa
Total active tunnels: 1
ID        Algorithm              SPI      Life:sec/kb Mon lsys Port Gateway
<67109793 ESP:aes-cbc-256/sha256 e651d79e 2578/ unlim -   root 500  2.2.2.2
>67109793 ESP:aes-cbc-256/sha256 8ac9ce8  2578/ unlim -   root 500  2.2.2.2
show security ipsec sa detail
user@jdm> show security ipsec sa detail
ID: 67109793 Virtual-system: root, VPN Name: VPN1
Local Gateway: 3.3.3.2, Remote Gateway: 2.2.2.2
Traffic Selector Name: VPN1_TS1
Local Identity: ipv4(51.0.1.0-51.0.1.255)
Remote Identity: ipv4(41.0.1.0-41.0.1.255)
Version: IKEv1
DF-bit: clear, Copy-Outer-DSCP Disabled, Bind-interface: st0.1
Port: 500, Nego#: 0, Fail#: 0, Def-Del#: 0 Flag: 0x2c608b29
Tunnel events:
Wed Aug 16 2017 23:50:07 -0700: IPSec SA negotiation successfully completed (1 times)
Wed Aug 16 2017 23:50:07 -0700: IKE SA negotiation successfully completed (1 times)
Wed Aug 16 2017 23:49:46 -0700: Negotiation failed with error code AUTHENTICATION_FAILED received from peer (2 times)
Wed Aug 16 2017 23:49:30 -0700: Tunnel is ready. Waiting for trigger event or peer to trigger negotiation (1 times)
Direction: inbound, SPI: e651d79e, AUX-SPI: 0, VPN Monitoring: -
Hard lifetime: Expires in 2552 seconds
Lifesize Remaining: Unlimited
Soft lifetime: Expires in 1988 seconds
Mode: Tunnel(0 0), Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha256-128, Encryption: aes-cbc (256 bits)
Anti-replay service: counter-based enabled, Replay window size: 64
Direction: outbound, SPI: 8ac9ce8, AUX-SPI: 0, VPN Monitoring: -
Hard lifetime: Expires in 2552 seconds
Lifesize Remaining: Unlimited
Soft lifetime: Expires in 1988 seconds
Mode: Tunnel(0 0), Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha256-128, Encryption: aes-cbc (256 bits)
Anti-replay service: counter-based enabled, Replay window size: 64
Copyright © 2017, Juniper Networks, Inc.
Chapter 9: IPSec-NM Configuration Statements and Operational Commands