Chapter 33 IPSec VPN
ZyWALL Series CLI Reference Guide
288
Table 151 vpn-configuration-provision Commands: VPN Configuration Provisioning
COMMAND DESCRIPTION
show vpn-configuration-provision iosfilter
Displays if over-the-air VPN provisioning for mobile Apple (iOS)
devices is enabled on the Zyxel Device.
vpn-configuration-provision generate {ios | windows | android} ikev2-wizard profile <profile name>
Downloads a VPN configuration script to send to VPN clients using a
supported operating system. Uses profile name to set the file
name for the downloaded configuration script.
To use the downloaded script, your device needs to support:
• Windows 8 and later versions.
• iOS 13 and later versions.
• MAC OS 10.12.2 and later versions.
• Android 10.0 and later versions. Install strongSwan VPN client
version 2.3.3 or later on your device first.
33.2.6 SA Monitor Commands
This table lists the commands for the SA monitor.
Table 152 sa Commands: SA Monitor
COMMAND DESCRIPTION
show sa monitor [{begin <1..1000>} | {end <1..1000>} | {crypto-map regexp} | {policy regexp} | {rsort sort_order} | {sort sort_order}]
Displays the current IPSec SAs and the status of each one. You can specify
a range of SA entries to display. You can also control the sort order of the
display and search by VPN connection or (local or remote) policy.
regexp: A keyword or regular expression. Use up to 30 alphanumeric and
_+-.()!$*^:?|{}[]<>/ characters.
A question mark (?) lets a single character in the VPN connection or policy
name vary. For example, use “a?c” (without the quotation marks) to
specify abc, acc and so on.
Wildcards (*) let multiple VPN connection or policy names match the
pattern. For example, use “*abc” (without the quotation marks) to specify
any VPN connection or policy name that ends with “abc”. A VPN
connection named “testabc” would match. There could be any number
(of any type) of characters in front of the “abc” at the end and the VPN
connection or policy name would still match. A VPN connection or policy
named “testacc”, for example, would not match.
A * in the middle of a VPN connection or policy name has the Zyxel Device
check the beginning and end and ignore the middle. For example, with
“abc*123”, any VPN connection or policy name starting with “abc” and
ending in “123” matches, no matter how many characters are in
between.
The whole VPN connection or policy name has to match if you do not use
a question mark or asterisk.
See Table 146 on page 277 for other parameter description.
show isakmp sa
Displays the current IKE SAs and the status of each one.
no sa spi spi
Deletes the SA specified by the SPI.
spi: 2-8 hexadecimal (0-9, A-F) characters
no sa tunnel-name map_name
Deletes the specified IPSec SA.
show sa counter
Displays the IPSec VPN tunnels that are currently established.
show vpn-counters
Displays VPN traffic statistics.
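The wildcard rules given for the crypto-map and policy filters of show sa monitor can be checked offline before a pattern is used on a device. The following is an added example, not code from the guide or from Zyxel: it models only the documented behaviour (? is one character, * is any run of characters, otherwise the whole name must match). It assumes that every other permitted character is literal, that * may match zero characters, and that an empty pattern is invalid; the tunnel names are constructed.

```python
import re

# Punctuation the guide permits in a pattern, besides letters and digits.
ALLOWED_PUNCT = "_+-.()!$*^:?|{}[]<>/"
MAX_LEN = 30  # "Use up to 30 ... characters"


def validate_pattern(pattern: str) -> None:
    """Reject patterns outside the documented length and character set."""
    if not pattern or len(pattern) > MAX_LEN:
        raise ValueError(f"pattern must be 1..{MAX_LEN} characters")
    bad = {c for c in pattern
           if not (c.isascii() and c.isalnum()) and c not in ALLOWED_PUNCT}
    if bad:
        raise ValueError(f"characters not allowed: {sorted(bad)}")


def compile_pattern(pattern: str) -> re.Pattern:
    """Translate the documented wildcards into a Python regex.

    Assumption: characters other than ? and * are matched literally.
    """
    validate_pattern(pattern)
    parts = []
    for ch in pattern:
        if ch == "?":
            parts.append(".")        # exactly one character may vary
        elif ch == "*":
            parts.append(".*")       # any number of characters (assumed >= 0)
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))


def filter_names(pattern: str, names: list[str]) -> list[str]:
    """Return names matched in full; a substring hit does not count."""
    rx = compile_pattern(pattern)
    return [n for n in names if rx.fullmatch(n)]


# Constructed VPN connection names, not taken from a real device.
SAMPLE = ["abc", "acc", "testabc", "testacc", "abc-hq-123", "abc123", "abcd"]

if __name__ == "__main__":
    for pat in ("a?c", "*abc", "abc*123", "abc"):
        print(f"{pat!r:12} -> {filter_names(pat, SAMPLE)}")
```
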