Table 232 summarizes the command-line interface (CLI) commands you can use to monitor and troubleshoot IP Security (IPSec) services. In the table, the commands are grouped by the interfaces on which they are supported. In the remainder of this chapter, the commands are listed in alphabetical order.
Table 232: IPSec Services Operational Mode Commands
| Task | Command |
|---|---|
| Adaptive Services Interface | |
| Delete certificate authority (CA) digital certificates from the router. | |
| Delete manually generated local digital certificate requests from the router. | |
| Delete all CRLs from the router. | |
| Delete local digital certificates, certificate requests, and the corresponding public/private key pairs from the router. | |
| Delete local and remote certificates from the IPSec configuration memory cache. | |
| Clear IPSec statistics. | |
| Clear either Internet Key Exchange (IKE) or IPSec VPN security associations. | clear services ipsec-vpn ike security-associations |
| Request a digital certificate from a CA online by using the Simple Certificate Enrollment Protocol (SCEP). | |
| Manually load a CA digital certificate from a specified location. | |
| Manually install a CRL on the router. | |
| Manually generate a local digital certificate request in the Public-Key Cryptography Standards #10 (PKCS-10) format. | |
| Generate a Public Key Infrastructure (PKI) public and private key pair for a local digital certificate. | |
| Request a CA to enroll and install a local digital certificate online by using the SCEP. | |
| Manually load a local digital certificate from a specified location. | |
| Switch between the primary and backup IPSec VPN tunnels. | |
| Display information about certificate authority (CA) digital certificates installed in the router. | |
| Display information about manually generated local digital certificate requests that are stored in the router. | |
| Display information about the local digital certificates and the corresponding public keys installed in the router. | |
| Display local and remote certificates installed in the IPSec configuration memory cache that are used for the IKE negotiation. | |
| Display IKE VPN security associations for service sets. | |
| Display IPSec VPN security associations for service sets. | |
| Display IPSec VPN statistics for service sets. | |
| Encryption Interface | |
| Clear Internet Key Exchange (IKE) security associations. | |
| Clear IPSec security associations. | |
| Switch between primary and backup interfaces and tunnels. | |
| Obtain a public key certificate from a certification authority. | |
| Generate a public and private key pair. | |
| Add a certificate provided by the Juniper Networks certificate authority. | |
| Display IKE security association information. | |
| Display the IPSec certificate database. | |
| Display primary and backup interface and tunnel information. | |
| Display IPSec security association information. | |
| Display installed certificates signed by the Juniper Networks certificate authority. | |
Note: For information about how to configure IPSec services, see the JUNOS Services Interfaces Configuration Guide for adaptive services interfaces and the JUNOS System Basics Configuration Guide for encryption interfaces.