 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
To verify proper operation of a dynamic endpoint tunnel configured on the AS PIC, use the following command:
- show services ipsec-vpn ipsec security-associations (detail)
The following section shows output from this command used with the configuration example. The dynamically created rule _junos_ appears in the output, as well as the establishment of the inbound and outbound dynamically created tunnels.
user@router> show services ipsec-vpn
ipsec security-associations detail
Service set: dynamic_nh_ss
Rule: _junos_ , Term: tunnel4, Tunnel index: 4
Local gateway: 10.7.7.2, Remote gateway: 10.7.7.1
Local identity: ipv4(any:0,[0..3]=10.255.14.63)
Remote identity: ipv4(any:0,[0..3]=10.255.14.64)
Direction: inbound , SPI: 428111023, AUX-SPI: 0
Mode: tunnel, Type: dynamic, State: Installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Soft lifetime: Expires in 27660 seconds
Hard lifetime: Expires in 27750 seconds
Anti-replay service: Enabled, Replay window size: 64
Direction: outbound , SPI: 4035429231, AUX-SPI: 0
Mode: tunnel, Type: dynamic, State: Installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Soft lifetime: Expires in 27660 seconds
Hard lifetime: Expires in 27750 seconds
Anti-replay service: Enabled, Replay window size: 64
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |