Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

show security host-vpn security-associations

 

Syntax

Release Information

Command introduced in Junos OS Evolved Release 18.3R1.

Description

Display the protection details about a specified security association or all security associations.

Options

connection-nameSpecify for which connection the connection information is to be displayed. If no connection-name is specified, information for all security associations is displayed.

Additional Information

The Security Parameters Index (SPI) is an arbitrary value which is used (together with the destination IP address) to identify the security association of the receiving party. Each IPsec datagram has a special field for the SPI. All datagrams in the SA will use the same SPI value in this field.

Required Privilege Level

view

List of Sample Output

show security host-vpn security-associations

Output Fields

Table 1 describes the output fields for the how security host-vpn security-associations command. Output fields are listed in the approximate order in which they appear.

Table 1: show security host-vpn security-associations Output Fields

Field Name

Description

IKE SA

Name of the security association connection.

ID

Identifier of the security association.

State

State of the parent SA connection. Values include the following:

  • CREATED—IKE SA just got created, but is not yet initiating or responding.

  • CONNECTING—IKE SA gets initiated actively or passively.

  • DESTROYING—IKE SA object gets destroyed.

  • ESTABLISHED— IKE SA is fully established.

  • PASSIVE—IKE SA is managed externally and does not process messages.

  • REKEYING—IKE SA rekeying is in progress.

(I:R)

Initiator and responder cookie.

local

Local endpoint information and identities.

remote

Remote endpoint information and identities.

crypto

Negotiated encryption details in effect (one for each IKE SA and child SA).

established

How long ago the SA was established, and when it rekeys.

Child SA

Name of the child SA.

State

State of the child SA connection. Values include the following:

  • CREATED—Child SA is just created, but is not yet installed.

  • DESTROYING—Child SA object gets destroyed.

  • INSTALLED— Child SA is installed and in use.

  • REKEYING—Child SA rekeying is in progress.

mode

IPsec mode: (transport | tunnel).

in spi

Inbound SPI values. Also, shows the number of bytes and packets encrypted.

out spi

Outbound SPI values. Also, shows the number of bytes and packets encrypted.

local ts

The local traffic selector (that is, what local traffic is protected).

remote ts

The remote traffic selector (that is, what remote traffic is protected).

Sample Output

show security host-vpn security-associations

user@host> show security host-vpn security-associations