Monitoring IPSec Tunnel Profiles
This section contains information about troubleshooting and monitoring dynamic IPSec subscribers.
System Event Logs
To troubleshoot and monitor dynamic IPSec subscribers, use the following system event logs:
- ipsecIdDb—IPsec ID database
- ipsecXcfgSM—IPsec Xauth/ModeCfg state machine
- ipsecP1Throttler—Ongoing Phase 1 negotiations
For more information about using event logs, see the JunosE System Event Logging Reference Guide.
show Commands
To display user information for dynamic IPSec tunnel profiles or subscribers, use the following show commands.
show ipsec tunnel profile
- Use to display information about all existing IPSec tunnel profiles or a specified tunnel profile.
- Use the detail keyword to display detailed information about the tunnel profile.
- Example 1
    host1#show ipsec tunnel profile
    IPsec tunnel profile ipsec-spg is active with no subscriber
    1 IPsec tunnel profile found
- Example 2
    host1#show ipsec tunnel profile detail ipsec-spg
    IPsec tunnel profile ipsec-spg is active with no subscriber
      Extended-authentication: pap, no re-authentication
      Peer IP characteristics configuration: enabled
      Virtual router: default
      Local IP address: 10.227.5.31
      Local IKE identity: 10.227.5.31
      Peer IKE identity:
        IP network: not allowed
        username: *
        domain-name: spg.juniper.net
        DN: not allowed
      Maximum subscribers: no limit
      Domain suffix: @spg
      IP profile: ip-spg
      Local IPsec identity: subnet 0.0.0.0 0.0.0.0, proto 0, port 0
      Peer IPsec identity: invalid identity
      Lifetime: between 1800 and 7200 seconds, and between 100000 and 500000 KB
      Reachable networks: none
      PFS not configured
      Transforms:, tunnel-esp-3des-sha1
      Subscribers rejected due to maximum subscribers limit: 0
      Completed sessions: 43, totaling 4873 seconds, statistics:
        ipsec stats:
          outbound:
            outboundUserPacketsReceived = 88
            outboundUserOctetsReceived = 74544
            outboundAccPacketsReceived = 88
            outboundAccOctetsReceived = 79168
            outboundOtherTxErrors = 0
            outboundPolicyErrors = 0
          inbound:
            inboundUserPacketsReceived = 88
            inboundUserOctetsReceived = 74880
            inboundAccPacketsReceived = 88
            inboundAccOctetsReceived = 79488
            inboundAuthenticationErrors= 0
            inboundReplayErrors = 0
            inboundPolicyErrors = 0
            inboundOtherRxErrors = 0
            inboundDecryptErrors = 0
            inboundPadErrors = 0
- See show ipsec tunnel profile.
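The error counters in the detail output above lend themselves to an automated check. The following Python code is an added example, not part of the JunosE documentation: it parses captured `show ipsec tunnel profile detail` output and reports every non-zero error counter. The sample text is constructed, and the function names and the `subscribersRejectedMaxLimit` label are assumptions of this example.

```python
import re

# Constructed sample, modelled on the counter block of
# "show ipsec tunnel profile detail"; the non-zero values are invented.
SAMPLE = """\
IPsec tunnel profile ipsec-spg is active with no subscriber
  Subscribers rejected due to maximum subscribers limit: 0
  Completed sessions: 43, totaling 4873 seconds, statistics:
    ipsec stats:
      outbound:
        outboundUserPacketsReceived = 88
        outboundOtherTxErrors = 0
        outboundPolicyErrors = 0
      inbound:
        inboundUserPacketsReceived = 88
        inboundAuthenticationErrors= 3
        inboundReplayErrors = 12
        inboundPolicyErrors = 0
        inboundDecryptErrors = 0
        inboundPadErrors = 0
"""

# "name = value" pairs; the output prints some with no space before "=".
COUNTER_RE = re.compile(r"\b((?:in|out)bound[A-Za-z0-9]+)\s*=\s*(\d+)")
REJECTED_RE = re.compile(r"rejected due to maximum subscribers limit:\s*(\d+)")


def parse_counters(text):
    """Return {counter_name: int} for every inbound/outbound counter."""
    return {name: int(value) for name, value in COUNTER_RE.findall(text)}


def error_findings(text):
    """Return sorted (name, value) pairs for non-zero error counters,
    plus the max-subscribers rejection count when it is non-zero."""
    findings = [(n, v) for n, v in parse_counters(text).items()
                if n.endswith("Errors") and v > 0]
    m = REJECTED_RE.search(text)
    if m and int(m.group(1)) > 0:
        # Hypothetical label chosen for this example, not a device counter name.
        findings.append(("subscribersRejectedMaxLimit", int(m.group(1))))
    return sorted(findings)


if __name__ == "__main__":
    for name, value in error_findings(SAMPLE):
        print(f"{name}: {value}")
```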
show subscribers
- Use to display the active subscribers on the router.
- Field descriptions
- User Name—Name of the subscriber
- Type—Type of subscriber: atm, ip, ipsec, ppp, tnl (tunnel), tst (test)
- Addr | Endpt—IP or IPv6 address and source of the address: l2tp, local, dhcp, radius, user. For local, dhcp, radius, and user endpoints, the address is that of the user. When the endpoint is l2tp, the address is that of the LNS.
- Virtual Router—Name of the virtual router context
- Interface—Interface specifier over which the subscriber is connected
- Login Time—Date, in YY/MM/DD format, and time the subscriber logged in
- Circuit Id—User's circuit ID value specified by PPPoE
- Remote Id—User's remote ID value specified by PPPoE
- Example
    host1#show subscribers
                           Subscriber List
                           ----------------
                                                       Virtual
    User Name               Type  Addr|Endpt           Router
    ----------------------- ----- -------------------- ------------
    xcfgUser1@vpn1          ipsec 10.227.5.106/local   vpn1

    User Name               Interface
    ----------------------- --------------------------------
    xcfgUser1@vpn1          FastEthernet 5/2.4

    User Name               Login Time          Circuit Id
    ----------------------- ------------------- -------------------
    xcfgUser1@vpn1          06/05/12 10:58:42   0.4.1.10.fe.25.3b.0

    User Name               Remote Id
    ----------------------- ----------------
    xcfgUser1@vpn1          (800) 555-1212
- See show subscribers.