Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
show security group-vpn server kek security-associations
Syntax
Release Information
Command introduced in Release 10.2 of Junos OS.
Description
Display configured server-member communications.
Options
none—Display server-member communications configured for all groups.
brief—(Optional) Display summary output.
detail—(Optional) Display detailed output.
group—(Optional) Display server-member communications configured for the specified group.
group-id—(Optional) Display server-member communications configured for the specified group.
index—(Optional) Display information for a particular SA based on the index number of the SA. To obtain the index number for a particular SA, display the list of existing SAs by using the command with no options.
Required Privilege Level
view
Related Topics
show security group-vpn member kek security-associations
List of Sample Output
show security group-vpn server kek security-associationsshow security group-vpn server kek security-associations detail
Output Fields
Table 101 lists the output fields for the show security group-vpn server kek security-assocations command. Output fields are listed in the approximate order in which they appear.
Table 101: show security group-vpn server kek security-associations Output Fields
Field Name | Field Description |
|---|---|
Index | Index number of an SA. This number is an internally generated number you can use to display information about a single SA. |
Remote Address | Identifier of the remote/peer. Because there could be multiple members, the remote address always contains the IP address 0.0.0.0. |
State | State of the KEK security associations:
|
Initiator cookie | Random number generated by the server. This is used when the server needs to push data to a member or send heartbeats to a member, or a member needs to reply to the server. |
Responder cookie | Random number generated by the server. This is used when the server needs to push data to a member or send heartbeats to a member, or a member needs to reply to the server. |
GroupId | Group identifier. |
KEK Peer | IP address of the destination peer with which the local peer communicates. For KEK SAs, it always contains 0.0.0.0 which means any IP address. |
Role | For the server, it is always initiator. |
Authentication method | RSA is the supported authentication method. |
Local | Address of the local peer. |
Remote | Address of the remote peer. |
Lifetime | Number of seconds remaining until the IKE SA expires. |
Algorithms | Internet Key Exchange (IKE) algorithms used to encrypt and secure exchanges between the peers during the Phase 2 process:
|
Traffic statistics |
|
Server Info Version | Identify the latest set of information maintained in the server. |
The following fields are the configured server-member-communication options: | |
Server Heartbeat Interval | Interval in seconds at which the server sends heartbeats to group members. |
Server Activation Delay | Number of seconds before a group member can use a new key when the member reregisters with the server. |
Server Multicast Group | Multicast IP address to which the server sends rekey messages. |
Server Replay Window | Antireplay time in seconds. This is 0 if antireplay is disabled. |
Retransmission Period | Number of seconds between a rekey transmission and the first retransmission when there is no reply from the member. |
Number of Retransmissions | For unicast communications, the number of times the server retransmits rekey messages to a member when there is no reply. For multicast communications, the number of copies of a message the server sends to members. |
Lifetime Seconds | Configured lifetime, in seconds, for the KEK. |
Group Key Push sequence number | Sequence number of the KEK SA groupkey-push message. This number is incremented with every groupkey-push message, including heartbeats. |
Sample Output
show security group-vpn server kek security-associations
user@host> show security group-vpn server kek
security-associationsIndex Remote Address State Initiator cookie Responder cookie GroupId 2051 0.0.0.0 UP e3ead57303ae393d d97290c9a91b6a2a 2 2052 0.0.0.0 UP 39985f6e9878d4fe 8ad3cabd99918841 3
Sample Output
show security group-vpn server kek security-associations detail
user@host> show security group-vpn server kek
security-associations detailKEK peer 0.0.0.0, Index 2051 Role: Initiator, State: UP Initiator cookie: e3ead57303ae393d, Responder cookie: d97290c9a91b6a2a Authentication method: RSA Local: 10.1.1.11:848, Remote: 0.0.0.0:848 Lifetime: Expires in 934 seconds Algorithms: Sig-hash : sha1 Encryption : 3des-cbc Traffic statistics: Input bytes : 0 Output bytes : 2652 Input packets: 0 Output packets: 13 Group Id: 2, Group Name: g2 Server Info Version: 135 Server Heartbeat Interval: 60 Server Activation Delay: 17 Server Multicast Group: Unicast, Server Replay Window: 100 Retransmission Period: 4, Number of Retransmissions: 2 Lifetime Seconds: 1800 Group Key Push sequence number: 13 KEK peer 0.0.0.0, Index 2052 Role: Initiator, State: UP Initiator cookie: 39985f6e9878d4fe, Responder cookie: 8ad3cabd99918841 Authentication method: RSA Local: 10.1.1.11:848, Remote: 0.0.0.0:848 Lifetime: Expires in 934 seconds Algorithms: Sig-hash : sha1 Encryption : 3des-cbc Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Group Id: 3, Group Name: g3 Server Info Version: 135 Server Heartbeat Interval: 60 Server Activation Delay: 17 Server Multicast Group: Unicast, Server Replay Window: 100 Retransmission Period: 4, Number of Retransmissions: 2 Lifetime Seconds: 1800 Group Key Push sequence number: 0
