show security ipsec statistics

Syntax

show security ipsec statistics fpc slot-number <index SA-index-number > pic slot-number

Release Information

Command introduced in Release 8.5 of Junos OS; fpc and pic options added in Release 9.3 of Junos OS.

Description

Display standard IPsec statistics.

Options

none—Display statistics about all IPsec security associations (SAs).

fpc slot-number —Specific to SRX Series devices. Display statistics about existing IPsec SAs in this particular Flexible PIC Concentrator (FPC) slot. This option is used to filter the output.

index SA-index-number —(Optional) Display statistics for the SA with this index number.

pic slot-number —Specific to SRX Series devices. Display statistics about existing IPsec SAs in this particular PIC slot. This option is used to filter the output.

Required Privilege Level

view

Related Topics

clear security ipsec statistics

List of Sample Output

show security ipsec statistics
show security ipsec statistics index 5
show security ipsec statistics fpc 6 pic 1 (SRX Series devices)

Output Fields

Table 124 lists the output fields for the show security ipsec statistics command. Output fields are listed in the approximate order in which they appear.

Table 124: show security ipsec statistics Output Fields

Field Name

Field Description

Virtual-system

The root system.

ESP Statistics:

  • Encrypted bytes—Total number of bytes encrypted by the local system across the IPsec tunnel.
  • Decrypted bytes—Total number of bytes decrypted by the local system across the IPsec tunnel.
  • Encrypted packets—Total number of packets encrypted by the local system across the IPsec tunnel.
  • Decrypted packets—Total number of packets decrypted by the local system across the IPsec tunnel.

AH Statistics:

  • Input bytes—Total number of bytes received by the local system across the IPsec tunnel.
  • Output bytes—Total number of bytes transmitted by the local system across the IPsec tunnel.
  • Input packets—Total number of packets received by the local system across the IPsec tunnel.
  • Output packets—Total number of packets transmitted by the local system across the IPsec tunnel.

Errors

  • AH authentication failures—Total number of authentication header (AH) failures. An AH failure occurs when there is a mismatch of the authentication header in a packet transmitted across an IPsec tunnel.
  • Replay errors—Total number of replay errors. A replay error is generated when a duplicate packet is received within the replay window.
  • ESP authentication failures—Total number of Encapsulation Security Payload (ESP) failures. An ESP failure occurs when there is an authentication mismatch in ESP packets.
  • ESP decryption failures—total number of ESP decryption errors.
  • Bad headers—Total number of invalid headers detected.
  • Bad trailers—Total number of invalid trailers detected.

Sample Output

show security ipsec statistics

user@host> show security ipsec statistics 
Virtual-system: Root
ESP Statistics:
  Encrypted bytes:                0
  Decrypted bytes:                0
  Encrypted packets:              0
  Decrypted packets:              0
AH Statistics:
  Input bytes:                    0
  Output bytes:                   0
  Input packets:                  0
  Output packets:                 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0

Sample Output

show security ipsec statistics index 5

user@host> show security ipsec statistics index 5 
Virtual-system: Root
SA index: 5
ESP Statistics:
  Encrypted bytes:                0
  Decrypted bytes:                0
  Encrypted packets:              0
  Decrypted packets:              0
AH Statistics:
  Input bytes:                    0
  Output bytes:                   0
  Input packets:                  0
  Output packets:                 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0

Sample Output

show security ipsec statistics fpc 6 pic 1 (SRX Series devices)

user@host> show security ipsec statistics fpc 6 pic 1 
ESP Statistics:
Encrypted bytes:           536408
Decrypted bytes:           696696
Encrypted packets:           1246
Decrypted packets:            888
AH Statistics:
Input bytes:                    0
Output bytes:                   0
Input packets:                  0
Output packets:                 0
Errors:
AH authentication failures: 0, Replay errors: 0
ESP authentication failures: 0, ESP decryption failures: 0
Bad headers: 0, Bad trailers: 0
Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.