show security host-vpn security-associations
Syntax
Release Information
Command introduced in Junos OS Evolved Release 18.3R1.
Description
Display the protection details about a specified security association or all security associations.
Options
Additional Information
The Security Parameters Index (SPI) is an arbitrary value which is used (together with the destination IP address) to identify the security association of the receiving party. Each IPsec datagram has a special field for the SPI. All datagrams in the SA will use the same SPI value in this field.
Required Privilege Level
view
Related Documentation
List of Sample Output
show security host-vpn security-associationsOutput Fields
Table 1 describes the output fields for the how security host-vpn security-associations command. Output fields are listed in the approximate order in which they appear.
Table 1: show security host-vpn security-associations Output Fields
Field Name | Description |
|---|---|
IKE SA | Name of the security association connection. |
ID | Identifier of the security association. |
State | State of the parent SA connection. Values include the following:
|
(I:R) | Initiator and responder cookie. |
local | Local endpoint information and identities. |
remote | Remote endpoint information and identities. |
crypto | Negotiated encryption details in effect (one for each IKE SA and child SA). |
established | How long ago the SA was established, and when it rekeys. |
Child SA | Name of the child SA. |
State | State of the child SA connection. Values include the following:
|
mode | IPsec mode: (transport | tunnel). |
in spi | Inbound SPI values. Also, shows the number of bytes and packets encrypted. |
out spi | Outbound SPI values. Also, shows the number of bytes and packets encrypted. |
local ts | The local traffic selector (that is, what local traffic is protected). |
remote ts | The remote traffic selector (that is, what remote traffic is protected). |
Sample Output
show security host-vpn security-associations
user@host> show security host-vpn security-associationsIKE SA : leftT1, ID:1, State:ESTABLISHED, IKEv2, (I:R):96e7757f275c3aa1:ff01ca9e7c4590b2
local : 10.102.227.201, id:vm1@juniper.net
remote: 10.102.228.200, id:vm1@juniper.net
crypto: AES_CBC-256/HMAC_SHA2_384_192-0/PRF_HMAC_SHA2_384/ECP_384
established 57s ago, rekey in 3295s
Child SA : childLeft1, ID:1, State:INSTALLED, mode:TUNNEL
crypto : ESP: AES_GCM_16-256-0
in spi : c5dfd0be, 5541188 bytes, 105772 packets
out spi : c39dbd67, 322089572 bytes, 224729 packets
installed: 58 s ago, rekey in 3264 s, expires in 3903 s
local ts : [10.102.227.201/32[tcp]]
remote ts: [10.102.228.200/32[tcp/afs3-callback]]
IKE SA : leftT2, ID:2, State:ESTABLISHED, IKEv2, (I:R):2bd786adf65eb875:0546171950dbb490
local : 10.102.227.201, id:vm2@juniper.net
remote: 10.102.228.200, id:vm2@juniper.net
crypto: AES_CBC-256/HMAC_SHA2_384_192-0/PRF_HMAC_SHA2_384/ECP_384
established 57s ago, rekey in 3475s
Child SA : childLeft2, ID:2, State:INSTALLED, mode:TUNNEL
crypto : ESP: AES_GCM_16-256-0
in spi : c0a912ee, 40 bytes, 1 packets
out spi : c52e4bf0, 60 bytes, 1 packets
installed: 57 s ago, rekey in 3262 s, expires in 3903 s
local ts : [10.102.227.201/32[tcp]]
remote ts: [10.102.228.200/32[tcp/afs3-prserver]]