show security ike security-associations
语法
show security ike security-associations
<peer-address>
<brief | detail>
<family (inet | inet6)>
<fpc slot-number>
<index SA-index-number>
<kmd-instance (all | kmd-instance-name)>
<node-local>
<pic slot-number>
<sa-type shortcut >
<srg-id id-number>
<ha-link-encryption>
描述
显示有关互联网密钥交换安全关联 (IKE SA) 的信息。
选项
-
none - 显示有关现有 IKE SA 的标准信息,包括索引号。
-
peer-address
—(可选)根据目标对等方的 IPv4 或 IPv6 地址显示有关特定 SA 的详细信息。此选项和index
提供相同级别的输出。 -
brief
—(可选)显示有关所有现有 IKE SA 的标准信息。(默认) -
detail
—(可选)显示有关所有现有 IKE SA 的详细信息。 -
family
—(可选)按家族显示 IKE SA。此选项用于筛选输出。-
inet
—IPv4 地址族。 -
inet6
—IPv6 地址族。
-
-
fpc slot-number
—(可选)显示有关此灵活 PIC 集中器 (FPC) 插槽中现有 IKE SA 的信息。此选项用于筛选输出。在机箱群集中,在操作模式下执行 CLI 命令
show security ike security-associations pic <slot-number> fpc <slot-number>
时,仅显示有关指定灵活 PIC 集中器 (FPC) 插槽和 PIC 插槽中现有 IPsec SA 的主节点信息。从 Junos OS 23.4R1 版开始,安装软件包以使用进程运行
IKED
IPsec VPN 时junos-ike
,此选项不可用。 -
index SA-index-number
—(可选)根据特定 SA 的索引号显示该 SA 的信息。对于特定 SA,请使用不带选项的命令显示现有 SA 的列表。此选项和peer-address
提供相同级别的输出。
-
kmd-instance
—(可选)显示由 FPC slot-number 和 PIC slot-number标识的密钥管理进程中的现有 IKE SA(在本例中为 KMD)的相关信息。此选项用于筛选输出。-
all
— 在服务处理单元 (SPU) 上运行的所有 KMD 实例。 -
kmd-instance-name
—在 SPU 上运行的 KMD 实例的名称。
从 Junos OS 23.4R1 版开始,安装软件包以使用进程运行
IKED
IPsec VPN 时junos-ike
,此选项不可用。 -
node-local | —(可选)显示有关多节点高可用性设置中节点本地隧道的 IKE SA 的信息。 |
-
pic slot-number
—(可选)显示有关此 PIC 插槽中现有 IKE SA 的信息。此选项用于筛选输出。从 Junos OS 23.4R1 版开始,安装软件包以使用进程运行
IKED
IPsec VPN 时junos-ike
,此选项不可用。 -
sa-type shortcut
—(可选)它适用于 ADVPN。按类型shortcut
显示有关 IKE SA 的信息。
-
ha-link-encryption
—(可选)仅显示与机箱间链路隧道相关的信息。请参阅 ipsec(高可用性)并显示安全 ike 安全关联 ha-link-encryption (SRX5400、SRX5600、SRX5800)。
-
srg-id
—(可选)显示与特定服务冗余组 (SRG) 相关的信息。
所需权限级别
视图
输出字段
表 1 列出了命令 show security ike security-associations
的输出字段。输出字段按其出现的大致顺序列出。
字段名称 |
字段说明 |
---|---|
|
本地对等方与之通信的目标对等方的 IP 地址。 |
|
SA 的索引号。此数字是内部生成的数字,可用于显示有关单个 SA 的信息。 |
|
IKE 网关的名称。 |
|
|
|
在 IKE 会话中扮演的角色。触发 IKE 协商的设备是发起方,接受第一个 IKE 交换数据包的设备是响应方。 |
|
IKE SA 的状态:
|
|
随机数,称为 Cookie,在触发 IKE 协商时发送到远程节点。 |
|
由远程节点生成并发送回发起方以验证是否已收到数据包的随机数。 Cookie 旨在保护计算资源免受攻击,而无需花费过多的 CPU 资源来确定 Cookie 的真实性。 |
|
由两个 IPsec 终结点(或对等方)商定的协商方法,用于在彼此之间交换信息。每种交换类型或模式确定消息数和每条消息中包含的有效负载类型。模式包括:
IKEv2 协议不使用模式配置进行协商。因此,该模式显示安全关联的版本号。 |
|
用于验证 IKE 消息源的方法, |
|
本地对等方的地址。 |
|
远程对等方的地址。 |
|
IKE SA 过期前剩余的秒数。 |
|
启用后,重新身份验证触发新的 IKEv2 SA 协商之前的剩余秒数。 |
|
|
|
在 IPsec 第 2 阶段过程中,用于加密和保护对等方之间交换的 IKE 算法:
|
|
|
|
向密钥管理进程发送 IKE 协商状态的通知:
|
|
|
|
正在进行的第 2 阶段 IKE 协商数和状态信息:
|
|
本地网关的接口名称。 |
|
本地网关路由实例的名称。 |
|
指示子 IPsec 隧道 ID 的列表 |
示例输出
- 显示安全 IKE 安全关联 (IPv4)
- 显示安全 IKE 安全关联 (IPv6)
- 显示安全 IKE 安全关联详细信息(SRX300、SRX320、SRX340、SRX345 和SRX550HM设备)
- 显示安全 IKE 安全关联详细信息(SRX5400、SRX5600 和SRX5800设备)
- 命令名称
- 显示安全 IKE 安全关联系列 INET6
- 显示安全 IKE 安全关联索引222075191详细信息
- 显示安全 IKE 安全关联索引788674详细信息
- 显示安全 IKE 安全关联 192.168.1.2
- 显示安全 IKE 安全关联 FPC 6 PIC 1 kmd 实例全部(SRX 系列防火墙)
- 显示安全 IKE 安全关联详细信息(ADVPN 建议器、静态隧道)
- 显示安全 IKE 安全关联详细信息(ADVPN 伙伴,静态隧道)
- 显示安全 IKE 安全关联详细信息(ADVPN 合作伙伴,快捷方式)
- 显示安全 IKE 安全关联 SA 类型快捷方式 (ADVPN)
- 显示安全 IKE 安全关联 SA 类型快捷方式详细信息 (ADVPN)
- 显示安全 IKE 安全关联详细信息(IKEv2 重新验证)
- 显示安全 IKE 安全关联详细信息(IKEv2 分段)
- 显示安全 IKE 安全关联 HA-链路加密(SRX5400、SRX5600、SRX5800)
- 显示安全 IKE 安全关联 SRG-ID
- 显示安全 IKE 安全关联节点本地
- 显示安全 IKE 安全关联节点本地详细信息
显示安全 IKE 安全关联 (IPv4)
user@host> show security ike security-associations Index Remote Address State Initiator cookie Responder cookie Mode 8 192.168.1.2 UP 3a895f8a9f620198 9040753e66d700bb Main Index Remote Address State fInitiator cookie Responder cookie Mode 9 192.168.1.3 UP 5ba96hfa9f65067 70890755b65b80b Main
显示安全 IKE 安全关联 (IPv6)
user@host> show security ike security-associations Index State Initiator cookie Responder cookie Mode Remote Address 5 UP e48efd6a444853cf 0d09c59aafb720be Aggressive 2001:db8::1112
显示安全 IKE 安全关联详细信息(SRX300、SRX320、SRX340、SRX345 和SRX550HM设备)
user@host> show security ike security-associations detail IKE peer 192.168.134.245, Index 2577565, Gateway Name: tropic Role: Initiator, State: UP Initiator cookie: b869b3424513340a, Responder cookie: 4cb3488cb19397c3 Exchange type: Main, Authentication method: Pre-shared-keys Trusted CA group: xyz_ca_grp Local: 192.168.134.241:500, Remote: 192.168.134.245:500 Local gateway interface: ge-0/0/0 Routing instance: default Lifetime: Expires in 169 seconds Peer ike-id: 192.168.134.245 AAA assigned IP: 0.0.0.0 Algorithms: Authentication : hmac-sha1-96 Encryption : aes-128-gcm Pseudo random function: hmac-sha1 Diffie-Hellman group : DH-group-5 Traffic statistics: Input bytes : 1012 Output bytes : 1196 Input packets: 4 Output packets: 5 Flags: IKE SA is created IPSec security associations: 1 created, 0 deleted Phase 2 negotiations in progress: 0 Negotiation type: Quick mode, Role: Initiator, Message ID: 0 Local: 192.168.134.241:500, Remote: 192.168.134.245:500 Local identity: 192.168.134.241 Remote identity: 192.168.134.245 Flags: IKE SA is created IPsec SA Rekey CREATE_CHILD_SA exchange stats: Initiator stats: Responder stats: Request Out : 1 Request In : 0 Response In : 1 Response Out : 0 No Proposal Chosen In : 0 No Proposal Chosen Out : 0 Invalid KE In : 0 Invalid KE Out : 0 TS Unacceptable In : 0 TS Unacceptable Out : 0 Res DH Compute Key Fail : 0 Res DH Compute Key Fail: 0 Res Verify SA Fail : 0 Res Verify DH Group Fail: 0 Res Verify TS Fail : 0
显示安全 IKE 安全关联详细信息(SRX5400、SRX5600 和SRX5800设备)
user@host> show security ike security-associations detail IKE peer 2.0.0.2, Index 2068, Gateway Name: IKE_GW Role: Responder, State: DOWN Initiator cookie: aa08091f3d4f1fb6, Responder cookie: 08c89a7add5f9332 Exchange type: IKEv2, Authentication method: Pre-shared-keys Local gateway interface: ge-0/0/3 Routing instance: default Local: 2.0.0.1:500, Remote: 2.0.0.2:500 Lifetime: Expires in 186 seconds Reauth Lifetime: Disabled IKE Fragmentation: Enabled, Size: 576 Remote Access Client Info: Unknown Client Peer ike-id: 2.0.0.2 AAA assigned IP: 0.0.0.0 Algorithms: Authentication : hmac-sha256-128 Encryption : aes128-cbc Pseudo random function: hmac-sha256 Diffie-Hellman group : DH-group-5 Traffic statistics: Input bytes : 704 Output bytes : 1408 Input packets: 4 Output packets: 4 Input fragmented packets: 0 Output fragmented packets: 0 IPSec security associations: 4 created, 2 deleted Phase 2 negotiations in progress: 1 IPSec Tunnel IDs: 500766, 500767 Negotiation type: Quick mode, Role: Responder, Message ID: 0 Local: 2.0.0.1:500, Remote: 2.0.0.2:500 Local identity: 2.0.0.1 Remote identity: 2.0.0.2 Flags: IKE SA is created IPsec SA Rekey CREATE_CHILD_SA exchange stats: Initiator stats: Responder stats: Request Out : 0 Request In : 0 Response In : 0 Response Out : 0 No Proposal Chosen In : 0 No Proposal Chosen Out : 0 Invalid KE In : 0 Invalid KE Out : 0 TS Unacceptable In : 0 TS Unacceptable Out : 0 Res DH Compute Key Fail : 0 Res DH Compute Key Fail: 0 Res Verify SA Fail : 0 Res Verify DH Group Fail: 0 Res Verify TS Fail : 0
命令名称
显示安全性 ike 统计信息主题列出了命令的show security ike security-associations detail
输出字段。
显示安全 IKE 安全关联系列 INET6
user@host> show security ike security-associations family inet6 IKE peer 2001:db8:1212::1112, Index 5, Gateway Name: tropic Role: Initiator, State: UP Initiator cookie: e48efd6a444853cf, Responder cookie: 0d09c59aafb720be Exchange type: Aggressive, Authentication method: Pre-shared-keys Local: 2001:db8:1212::1111:500, Remote: 2001:db8:1212::1112:500 Lifetime: Expires in 19518 seconds Peer ike-id: not valid AAA assigned IP: 0.0.0.0 Algorithms: Authentication : sha1 Encryption : 3des-cbc Pseudo random function: hmac-sha1 Diffie-Hellman group : DH-group-5 Traffic statistics: Input bytes : 1568 Output bytes : 2748 Input packets: 6 Output packets: 23 Flags: Caller notification sent IPSec security associations: 5 created, 0 deleted Phase 2 negotiations in progress: 1 Negotiation type: Quick mode, Role: Initiator, Message ID: 2900338624 Local: 2001:db8:1212::1111:500, Remote: 2001:db8:1212::1112:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done
显示安全 IKE 安全关联索引222075191详细信息
user@host> show security ike security-associations index 222075191 detail node0: - IKE peer 192.168.1.2, Index 222075191, Gateway Name: ZTH_HUB_GW Location: FPC 0, PIC 3, KMD-Instance 2 Auto Discovery VPN: Type: Static, Local Capability: Suggester, Peer Capability: Partner Suggester Shortcut Suggestions Statistics: Suggestions sent : 2 Suggestions accepted: 4 Suggestions declined: 1 Role: Responder, State: UP Initiator cookie: 7b996b4c310d2424, Responder cookie: 5724c5882a212157 Exchange type: IKEv2, Authentication method: RSA-signatures Local: 192.168.1.1:500, Remote: 192.168.1.2:500 Lifetime: Expires in 828 seconds Peer ike-id: C=US, DC=example, ST=CA, L=Sunnyvale, O=example, OU=engineering, CN=cssvk36-d Xauth user-name: not available Xauth assigned IP: 0.0.0.0 Algorithms: Authentication : hmac-sha1-96 Encryption : aes256-cbc Pseudo random function: hmac-sha1 Diffie-Hellman group : DH-group-5 Traffic statistics: Input bytes : 20474 Output bytes : 21091 Input packets: 237 Output packets: 237 IPSec security associations: 2 created, 0 deleted Phase 2 negotiations in progress: 1 Negotiation type: Quick mode, Role: Responder, Message ID: 0 Local: 192.168.1.1:500, Remote: 192.168.1.2:500 Local identity: C=US, DC=example, ST=CA, L=Sunnyvale, O=example, OU=engineering, CN=host1 Remote identity: C=US, DC=example, ST=CA, L=Sunnyvale, O=example, OU=engineering, CN=host2 Flags: IKE SA is created
显示安全 IKE 安全关联索引788674详细信息
user@host> show security ike security-associations index 788674 detail IKE peer 192.168.1.1, Index 788674, Gateway Name: ZTH_SPOKE_GW Auto Discovery VPN: Type: Static, Local Capability: Partner, Peer Capability: Suggester Partner Shortcut Suggestions Statistics: Suggestions received: 2 Suggestions accepted: 2 Suggestions declined: 0 Role: Initiator, State: UP Initiator cookie: 7b996b4c310d2424, Responder cookie: 5724c5882a212157 Exchange type: IKEv2, Authentication method: RSA-signatures Local: 192.168.1.2:500, Remote: 192.168.1.1:500 Lifetime: Expires in 734 seconds Peer ike-id: C=US, DC=example, ST=CA, L=Sunnyvale, O=example, OU=engineering, CN=test Xauth user-name: not available Xauth assigned IP: 0.0.0.0 Algorithms: Authentication : hmac-sha1-96 Encryption : aes256-cbc Pseudo random function: hmac-sha1 Diffie-Hellman group : DH-group-5 Traffic statistics: Input bytes : 22535 Output bytes : 21918 Input packets: 256 Output packets: 256 IPSec security associations: 2 created, 0 deleted Phase 2 negotiations in progress: 1 Negotiation type: Quick mode, Role: Initiator, Message ID: 0 Local: 192.168.1.2:500, Remote: 192.168.1.1:500 Local identity: C=US, DC=example, ST=CA, L=Sunnyvale, O=example, OU=engineering, CN=host1 Remote identity: C=US, DC=example, ST=CA, L=Sunnyvale, O=example, OU=engineering, CN=host2 Flags: IKE SA is created
显示安全 IKE 安全关联 192.168.1.2
user@host> show security ike security-associations 192.168.1.2 Index State Initiator cookie Responder cookie Mode Remote Address 8 UP 3a895f8a9f620198 9040753e66d700bb Main 192.168.1.2
显示安全 IKE 安全关联 FPC 6 PIC 1 kmd 实例全部(SRX 系列防火墙)
user@host> show security ike security-associations fpc 6 pic 1 kmd-instance all Index Remote Address State Initiator cookie Responder cookie Mode 1728053250 192.168.1.2 UP fc959afd1070d10b bdeb7e8c1ea99483 Main
显示安全 IKE 安全关联详细信息(ADVPN 建议器、静态隧道)
user@host> show security ike security-associations detail IKE peer 192.168.0.105, Index 13563297, Gateway Name: zth_hub_gw Location: FPC 0, PIC 0, KMD-Instance 1 Auto Discovery VPN: Type: Static, Local Capability: Suggester, Peer Capability: Partner Suggester Shortcut Suggestions Statistics: Suggestions sent : 12 Suggestion response accepted: 12 Suggestion response declined: 0 Role: Responder, State: UP Initiator cookie: 4d3f4e4b2e75d727, Responder cookie: 81ab914e13cecd21 Exchange type: IKEv2, Authentication method: RSA-signatures Local: 192.168.0.154:500, Remote: 192.168.0.105:500 Lifetime: Expires in 26429 seconds Peer ike-id: DC=example, CN=host02, L=Sunnyvale, ST=CA, C=US
显示安全 IKE 安全关联详细信息(ADVPN 伙伴,静态隧道)
user@host> show security ike security-associations detail IKE peer 192.168.0.154, Index 4980720, Gateway Name: zth_spoke_gw Location: FPC 0, PIC 0, KMD-Instance 1 Auto Discovery VPN: Type: Static, Local Capability: Partner, Peer Capability: Suggester Partner Shortcut Suggestions Statistics: Suggestions received: 12 Suggestions accepted: 12 Suggestions declined: 0 Role: Initiator, State: UP Initiator cookie: 4d3f4e4b2e75d727, Responder cookie: 81ab914e13cecd21 Exchange type: IKEv2, Authentication method: RSA-signatures Local: 192.168.0.105:500, Remote: 192.168.0.154:500 Lifetime: Expires in 26252 seconds Peer ike-id: DC=example, CN=host01, OU=SBU, O=example, L=Sunnyvale, ST=CA, C=US
显示安全 IKE 安全关联详细信息(ADVPN 合作伙伴,快捷方式)
user@host> show security ike security-associations detail IKE peer 192.168.0.106, Index 4980737, Gateway Name: GW-ADVPN-GT-ADVPN-zth_spoke_vpn-268173323 Location: FPC 0, PIC 0, KMD-Instance 1 Auto Discovery VPN: Type: Shortcut, Local Capability: Partner, Peer Capability: Partner Role: Responder, State: UP Initiator cookie: e1ed0c655929debc, Responder cookie: 437de6ed784ba63e Exchange type: IKEv2, Authentication method: RSA-signatures Local: 192.168.0.105:500, Remote: 192.168.0.106:500 Lifetime: Expires in 28796 seconds Peer ike-id: DC=example, CN=paulyd, L=Sunnyvale, ST=CA, C=US
显示安全 IKE 安全关联 SA 类型快捷方式 (ADVPN)
user@host> show security ike security-associations sa-type shortcut Index State Initiator cookie Responder cookie Mode Remote Address 4980742 UP vb56fbe694eaee5b6 064dbccbfa3b2aab IKEv2 192.168.0.106
显示安全 IKE 安全关联 SA 类型快捷方式详细信息 (ADVPN)
user@host> show security ike security-associations sa-type shortcut detail IKE peer 192.168.0.106, Index 4980742, Gateway Name: GW-ADVPN-GT-ADVPN-zth_spoke_vpn-268173327 Location: FPC 0, PIC 0, KMD-Instance 1 Auto Discovery VPN: Type: Shortcut, Local Role: Partner, Peer Role: Partner Role: Responder, State: UP
显示安全 IKE 安全关联详细信息(IKEv2 重新验证)
user@host> show security ike security-associations detail IKE peer 10.1.2.11, Index 6009224, Gateway Name: GW Role: Responder, State: UP Initiator cookie: 2c74d14c798a9d70, Responder cookie: 83cbb49bfbcb80cb Exchange type: IKEv2, Authentication method: RSA-signatures Local: 10.1.1.11:500, Remote: 10.1.2.11:500 Lifetime: Expires in 173 seconds Reauth Lifetime: Expires in 600 seconds Peer ike-id: vsrx@example.net AAA assigned IP: 0.0.0.0 Algorithms: Authentication : hmac-sha1-96 Encryption : aes128-cbc Pseudo random function: hmac-sha1 Diffie-Hellman group : DH-group-2 Traffic statistics: Input bytes : 1782 Output bytes : 1743 Input packets: 2
显示安全 IKE 安全关联详细信息(IKEv2 分段)
user@host> show security ike security-associations detail IKE peer 172.24.23.157, Index 11883008, Gateway Name: routebased_s2s_gw-552_1 Role: Responder, State: UP Initiator cookie: f3255e720f162e3a, Responder cookie: 17555e3ff7451841 Exchange type: Main, Authentication method: Pre-shared-keys Trusted CA group: xyz_ca_grp Local: 192.168.254.1:500, Remote: 172.24.23.157:500 Lifetime: Expires in 530 seconds Reauth Lifetime: Disabled IKE Fragmentation: Enabled, Size: 576 Peer ike-id: 172.24.23.157 AAA assigned IP: 0.0.0.0 Algorithms: Authentication : hmac-sha1-96 Encryption : 3des-cbc Pseudo random function: hmac-sha1 Diffie-Hellman group : DH-group-5 Traffic statistics: Input bytes : 1004 Output bytes : 756 Input packets: 6 Output packets: 4 Input fragmented packets: 3 Output fragmented packets: 3 IPSec security associations: 1 created, 1 deleted Phase 2 negotiations in progress: 1 Negotiation type: Quick mode, Role: Responder, Message ID: 0 Local: 192.168.254.1:500, Remote: 172.24.23.157:500 Local identity: 192.168.254.1 Remote identity: 172.24.23.157 Flags: IKE SA is created
显示安全 IKE 安全关联 HA-链路加密(SRX5400、SRX5600、SRX5800)
从 Junos OS 20.4R1 版开始,配置高可用性 (HA) 功能时,可以使用此 show 命令仅查看机箱间链路隧道详细信息。以下命令仅显示两个节点上的链路加密 SA。
user@host> show security ike security-associations ha-link-encryption Index State Initiator cookie Responder cookie Mode Remote Address 4294966287 UP 7b77b4e2fd5a87e5 ab4a398e6a28687a IKEv2 23.0.0.2
显示安全 IKE 安全关联 SRG-ID
user@host> show security ike security-associations srg-id 1 Index State Initiator cookie Responder cookie Mode Remote Address 16778113 UP 16d1f4efae91608c 53f234767bdd0b9b IKEv2 10.112.0.1
显示安全 IKE 安全关联节点本地
user@host> show security ike security-associations node-local Index State Initiator cookie Responder cookie Mode Remote Address 24 UP c982a43f5dd03bf0 c37ae96722a0e1bc IKEv2 6.0.0.2
显示安全 IKE 安全关联节点本地详细信息
user@host> show security ike security-associations node-local IKE peer 6.0.0.2, Index 25, Gateway Name: IKEv1_GW Role: Responder, State: UP Initiator cookie: 34b2b16c3dd35442, Responder cookie: 91fc9975f83e932d Exchange type: IKEv2, Authentication method: RSA-signatures Local gateway interface: xe-0/0/2.0 Routing instance: default Local: 4.0.0.1:500, Remote: 6.0.0.2:500 Lifetime: Expires in 1159 seconds Reauth Lifetime: Disabled IKE Fragmentation: Enabled, Size: 576 Remote Access Client Info: Unknown Client Peer ike-id: DC=juniper, CN=r0, OU=marketing, O=juniper, L=sunnyvale, ST=california, C=us AAA assigned IP: 0.0.0.0 PPK-profile: None Algorithms: Authentication : hmac-sha384-192 Encryption : aes256-cbc Pseudo random function: hmac-sha384 Diffie-Hellman group : DH-group-19 Traffic statistics: Input bytes : 3434 Output bytes : 3427 Input packets: 15 Output packets: 15 Input fragmented packets: 4 Output fragmented packets: 4 IPSec security associations: 4 created, 1 deleted Phase 2 negotiations in progress: 1 IPSec Tunnel IDs: 500003 Negotiation type: Quick mode, Role: Responder, Message ID: 0 Local: 4.0.0.1:500, Remote: 6.0.0.2:500 Local identity: DC=juniper, CN=r0, OU=marketing, O=juniper, L=sunnyvale, ST=california, C=us Remote identity: DC=juniper, CN=r0, OU=marketing, O=juniper, L=sunnyvale, ST=california, C=us Flags: IKE SA is created IPsec SA Rekey CREATE_CHILD_SA exchange stats: Initiator stats: Responder stats: Request Out : 0 Request In : 0 Response In : 0 Response Out : 0 No Proposal Chosen In : 0 No Proposal Chosen Out : 0 Invalid KE In : 0 Invalid KE Out : 0 TS Unacceptable In : 0 TS Unacceptable Out : 0 Res DH Compute Key Fail : 0 Res DH Compute Key Fail: 0 Res Verify SA Fail : 0 Res Verify DH Group Fail: 0 Res Verify TS Fail : 0
发布信息
在 Junos OS 8.5 版中引入的命令。支持 Junos OS 9.3 版中添加的 fpc
、 pic
和 kmd-instance
选项。支持 Junos OS 11.1 版中添加的选项 family
。支持 Junos OS 版本 12.3X48-D10 中添加的自动发现 VPN。Junos OS 版本 15.1X49-D60 中添加了对 IKEv2 重新身份验证的支持。支持 Junos OS 版本 15.1X49-D80 中添加的 IKEv2 分段。
ha-link-encryption
支持 Junos OS 20.4R1 版中添加的选项。
支持 Junos OS 22.4R1 版中添加的选项 srg-id
。
支持 Junos OS 23.2R1 版中添加的选项 node-local
。