[Contents] [Prev] [Next] [Index] [Report an Error]

Checking Your Work

To verify proper operation of a dynamic endpoint tunnel configured on the AS PIC, use the following command:

show services ipsec-vpn ipsec security-associations (detail)

The following section shows output from this command used with the configuration example. The dynamically created rule _junos_ appears in the output, as well as the establishment of the inbound and outbound dynamically created tunnels.

user@router> show services ipsec-vpn ipsec security-associations detail

Service set: dynamic_nh_ss

 

  Rule: _junos_, Term: tunnel4, Tunnel index: 4

  Local gateway: 10.7.7.2, Remote gateway: 10.7.7.1

  Local identity: ipv4(any:0,[0..3]=10.255.14.63)

  Remote identity: ipv4(any:0,[0..3]=10.255.14.64)

 

    Direction: inbound, SPI: 428111023, AUX-SPI: 0

    Mode: tunnel, Type: dynamic, State: Installed

    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc

    Soft lifetime: Expires in 27660 seconds

    Hard lifetime: Expires in 27750 seconds

    Anti-replay service: Enabled, Replay window size: 64

 

    Direction: outbound, SPI: 4035429231, AUX-SPI: 0

    Mode: tunnel, Type: dynamic, State: Installed

    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc

    Soft lifetime: Expires in 27660 seconds

    Hard lifetime: Expires in 27750 seconds

    Anti-replay service: Enabled, Replay window size: 64
[Contents] [Prev] [Next] [Index] [Report an Error]