Monitoring IPsec Tunnel Profiles
Purpose
Display information about all existing IPsec tunnel profiles or a specified tunnel profile.
Use the detail keyword to display detailed information about the tunnel profile.
Action
To display information about all existing IPsec tunnel profiles:
host1#show ipsec tunnel profile
IPsec tunnel profile ipsec-spg is active with no subscriber
1 IPsec tunnel profile found
To display more detailed information about the specified IPsec tunnel profile:
host1#show ipsec tunnel profile detail ipsec-spg
IPsec tunnel profile ipsec-spg is active with no subscriber
Extended-authentication: pap, no re-authentication
Peer IP characteristics configuration: enabled
Virtual router: default
Local IP address: 10.227.5.31
Local IKE identity: 10.227.5.31
Peer IKE identity: IP network: not allowed
username: *
domain-name: spg.juniper.net
DN: not allowed
Maximum subscribers: no limit
Domain suffix: @spg
IP profile: ip-spg
Local IPsec identity: subnet 0.0.0.0 0.0.0.0, proto 0, port 0
Peer IPsec identity: invalid identity
Lifetime: between 1800 and 7200 seconds, and between 100000 and 500000 KB
Reachable networks: none
PFS not configured
Transforms:, tunnel-esp-3des-sha1
Subscribers rejected due to maximum subscribers limit: 0
Completed sessions: 43, totaling 4873 seconds, statistics:
ipsec stats:
outbound:
outboundUserPacketsReceived = 88
outboundUserOctetsReceived = 74544
outboundAccPacketsReceived = 88
outboundAccOctetsReceived = 79168
outboundOtherTxErrors = 0
outboundPolicyErrors = 0
inbound:
inboundUserPacketsReceived = 88
inboundUserOctetsReceived = 74880
inboundAccPacketsReceived = 88
inboundAccOctetsReceived = 79488
inboundAuthenticationErrors= 0
inboundReplayErrors = 0
inboundPolicyErrors = 0
inboundOtherRxErrors = 0
inboundDecryptErrors = 0
inboundPadErrors = 0
Meaning
Table 14 lists the show ipsec tunnel profile command output fields.
Table 14: show ipsec tunnel profile Output Fields
| Field Name | Field Description |
|---|---|
| Extended-authentication | Configured extended user authentication protocol |
| Peer IP characteristics configuration | Peer IP characteristics configuration status |
| Virtual router | Name of the virtual router context |
| Local IP address | Local IP address on the specified virtual router |
| Local IKE identity | Configured local IKE identity |
| Peer IKE identity | Configured peer IKE identity |
| Maximum subscribers | Maximum number of subscribers allowed on the profile |
| Domain suffix | Domain suffix appended to any usernames on the profile |
| IP Profile | IP profile that is passed from the IPsec layer to the IP layer |
| Local IPsec identity | Local identity used for IPsec security association negotiations |
| Peer IPsec identity | Peer identity used for IPsec security association negotiations |
| Lifetime | Configured lifetime parameters |
| Reachable networks | Reachable networks on the VPN |
| PFS not configured | Perfect forward secrecy configuration status |
| Transforms | IPsec transforms that IPsec SA negotiations use |
| Subscribers rejected due to maximum subscribers limit | Subscribers rejected because the configured maximum number of subscribers on the profile was reached |
| Completed sessions | Number of successful subscriber sessions |
| ipsec stats | Inbound and outbound IPsec statistics |
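The following Python is an added example, not Juniper code: it parses the detail output shown above and reports the fields an operator would typically review (PAP extended authentication, PFS not configured, legacy transforms, and any non-zero error counter). The audit policy and the names `audit_profile`, `SAMPLE`, `WEAK_TRANSFORM_TOKENS` and `COUNTER_RE` are assumptions of this example; the sample input is constructed from this page's output with one counter changed.

```python
import re

# Constructed sample: excerpt of the detail output shown on this page,
# with inboundReplayErrors changed to a non-zero value to exercise the check.
SAMPLE = """\
IPsec tunnel profile ipsec-spg is active with no subscriber
Extended-authentication: pap, no re-authentication
PFS not configured
Transforms:, tunnel-esp-3des-sha1
inboundAuthenticationErrors= 0
inboundReplayErrors = 3
inboundDecryptErrors = 0
"""

# Assumed audit policy (this example's choice, not from the Juniper docs):
# transform names containing any of these tokens are reported.
WEAK_TRANSFORM_TOKENS = ("3des", "des", "md5", "sha1")
# Matches counter lines such as "inboundReplayErrors = 3".
COUNTER_RE = re.compile(r"^((?:in|out)bound\w*Errors)\s*=\s*(\d+)$")

def audit_profile(text):
    """Return a list of (check, detail) findings for one profile's output."""
    findings = []
    for line in text.splitlines():
        s = line.strip()
        m = COUNTER_RE.match(s)
        if m:
            if int(m.group(2)) > 0:
                findings.append(("error-counter", f"{m.group(1)}={m.group(2)}"))
        elif s == "PFS not configured":
            findings.append(("pfs", "perfect forward secrecy is off"))
        elif s.startswith("Extended-authentication:"):
            proto = s.split(":", 1)[1].split(",")[0].strip()
            if proto == "pap":
                findings.append(("xauth", "pap"))
        elif s.startswith("Transforms:"):
            # Tolerates the stray comma seen in the page's output.
            for name in re.findall(r"[\w-]+", s.split(":", 1)[1]):
                weak = [t for t in WEAK_TRANSFORM_TOKENS if t in name.split("-")]
                if weak:
                    findings.append(("transform", f"{name} uses {'+'.join(weak)}"))
    return findings

if __name__ == "__main__":
    for check, detail in audit_profile(SAMPLE):
        print(f"{check}: {detail}")
```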