Router 3

View the firewall filter counter to continue verifying that matched traffic is being diverted to the bidirectional IPSec tunnel. After you issue the ping command from Router 1 (three packets), the es-traffic firewall filter counter looks like this:

user@R3> show firewall filter es-traffic

Filter: es-traffic

Counters:

Name                                                Bytes              Packets

ipsec-tunnel                                          252                    3

After you issue the ping command from both Router 1 (three packets) and Router 4 (two packets), the es-traffic firewall filter counter looks like this:

user@R3> show firewall filter es-traffic

Filter: es-traffic

Counters:

Name                                                Bytes              Packets

ipsec-tunnel                                          420                    5

To verify that the IPSec security association is active, issue the show ipsec security-associations detail command. Notice that the SA on Router 3 contains the same settings you specified on Router 2.

user@R3> show ipsec security-associations detail

Security association: sa-manual, Interface family: Up

  Local gateway: 10.1.15.2, Remote gateway: 10.1.15.1

  Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)

  Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)

    Direction: inbound, SPI: 400, AUX-SPI: 0

    Mode: tunnel, Type: manual, State: Installed

    Protocol: AH, Authentication: hmac-md5-96, Encryption: None

    Anti-replay service: Disabled

    Direction: outbound, SPI: 400, AUX-SPI: 0

    Mode: tunnel, Type: manual, State: Installed

    Protocol: AH, Authentication: hmac-md5-96, Encryption: None

    Anti-replay service: Disabled