show security ipsec tunnel-events-statistics
语法
show security ipsec tunnel-events-statistics
描述
显示隧道事件统计信息。
所需权限级别
视图
示例输出
显示安全 IPsec 隧道事件统计信息
user@host> show security ipsec tunnel-events statistics IPSec SA delete payload received from peer : 153 Configuration change triggered clearing of IPSec SA : 1 Peer's remote IKE-ID validation failed during negotiation : 2 Phase1 proposal mismatch detected : 2 Phase2 proposal mismatch detected : 2 Peer proposed traffic-selectors are not in configured range : 8576 Negotiation failed as peer did not respond : 4 IKE SA negotiation successfully completed : 19 IPSec SA negotiation successfully completed : 154 PKI validation failed: Peer's CA not configured in trusted-CA-group in IKE policy : 1 Tunnel is ready. Waiting for trigger event or peer to trigger negotiation : 1
发布信息
在 Junos OS 12.3X48-D10 版中引入的命令。
从 Junos OS 版本 15.1X49-D120 开始,您可以在 [edit security ike gateway gateway-name dynamic
] 层次结构级别配置 CLI 选项reject-duplicate-connection
,以保留现有隧道会话并拒绝具有相同 IKE ID 的新隧道的协商请求。默认情况下,当建立具有相同 IKE ID 的新隧道时,将拆除现有隧道。reject-duplicate-connection
仅当为 IKE 网关配置 或 ike-user-type shared-ike-id
时ike-user-type group-ike-id
,才支持该选项;此选项不支持该aaa access-profile profile-name
配置。
仅当您确定应拒绝重新建立具有相同 IKE ID 的新隧道时,才使用 CLI 选项 reject-duplicate-connection
。