show security ike peers
Syntax
show security ike peers <backoff | blocked | failed | in-progress> <brief | detail> role <initiator | responder> index <value> remote-ip-address <value> local-ip-address <value> gateway-name <value>
show security ike peers blocked blocklist-name <blocklist-name> <brief | detail> role <initiator | responder> index <value> remote-ip-address <value> local-ip-address <value> gateway-name <value>
Description
Display information about IKE peers, such as backoff peers, blocked peers, failed peers, and in-progress peers.
Options
| Option | Description |
|---|---|
| backoff | Display the IKE backoff peers. Display details of the remote peers (initiators) that are temporarily denied permission to start a new IKE negotiation due to the previous SA_INIT or IKE_AUTH phase failures. |
| blocked | Display the IKE blocked peers. Display the latest 100 IKE blocked negotiations. The blocked negotiations are due to the blocklist configuration at the [ |
| failed | Display the IKE failed peers. Display the latest 200 IKE negotiation failed peers. |
| in-progress | Display the IKE in progress peers. |
| blocklist-name blocklist-name | (Optional) Provide the IKE blocklist name. Applicable with |
| brief | (Optional) Display brief output. |
| detail | (Optional) Display detailed output. |
| index value | (Optional) Enter the index number. |
| role value | (Optional) Enter |
| gateway-name value | (Optional) Enter the IKE gateway name. |
| local-ip-address value | (Optional) Enter the local IP address. |
| remote-ip-address value | (Optional) Enter the remote IP address. |
Required Privilege Level
View
Output Fields
Table 1 lists the output fields of the show security ike peers in-progress brief command. You'll see similar output with the backoff, blocked, and failed options. Table 2 lists the output fields of the show security ike peers in-progress detail command. You'll see similar output with the backoff, blocked, and failed options.
| Field Name | Field Description |
|---|---|
| Index | Index number |
| Started at | IKE negotiation process start time. |
| IKE peer | Remote IKE peer IP address. |
| Gateway name | IKE gateway name of the remote peer. |
| Role | The initiator or the responder role. |
| Field Name | Field Description |
|---|---|
| Index | Index number |
| Role | The initiator or the responder role. |
| Exchange Type | Negotiation mode—either IKEv2 or Main or Aggressive |
| Authentication Method | Certificates or Pre-shared-keys based authentication |
| Remote port | Remote port number |
| Local Address | Local IP address |
| Local Port | Local port number |
| Negotiation Phase | INIT |
| Routing Instance | default |
| Gateway name | IKE gateway name of the remote peer. |
| NATT Detection | Not Detected or Detected at remote end |
| Started at | IKE negotiation process start time. |
Sample Output
show security ike peers in-progress brief
user@host> show security ike peers in-progress brief
Index Started at IKE peer Gateway name Role
10 2023-01-31 00:45:30 10.0.1.1 IKE_GW1 Initiator
11 2023-01-31 00:45:30 200.1.1.2 IKE_GW1 Responder
show security ike peers in-progress detail
user@host> show security ike peers in-progress detail
IKE peer 10.0.1.1
Index: 10, Role: Initiator, Exchange Type: IKEv2, Authentication Method: Certificates
Remote Port: 500, Local Address: 2.0.0.1, Local Port: 500, Negotiation Phase: INIT
Routing Instance: default, Gateway Name: IKE_GW1, NATT Detection: Not Detected
Started At: 2023-01-31 00:45:30
IKE peer 200.1.1.2
Index: 11, Role: Responder, Exchange Type: Main, Authentication Method: Pre-shared-keys
Remote Port: 500, Local Address: 2.0.0.1, Local Port: 500, Negotiation Phase: INIT
Routing Instance: default, Gateway Name: IKE_GW1, NATT Detection: Detected(Remote-end)
Started At: 2023-01-31 00:45:30
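The detail output above can be turned into records for triage, for example to see which remote peers appear repeatedly in the in-progress or failed lists. The following Python parser is an added example, not part of the Junos documentation: the function names are hypothetical, the first two records in SAMPLE are this page's sample output, and the third record is constructed.

```python
import re
from collections import Counter

# Records 1-2 are this page's sample output; record 3 is constructed.
SAMPLE = """\
IKE peer 10.0.1.1
  Index: 10, Role: Initiator, Exchange Type: IKEv2, Authentication Method: Certificates
  Remote Port: 500, Local Address: 2.0.0.1, Local Port: 500, Negotiation Phase: INIT
  Routing Instance: default, Gateway Name: IKE_GW1, NATT Detection: Not Detected
  Started At: 2023-01-31 00:45:30
IKE peer 200.1.1.2
  Index: 11, Role: Responder, Exchange Type: Main, Authentication Method: Pre-shared-keys
  Remote Port: 500, Local Address: 2.0.0.1, Local Port: 500, Negotiation Phase: INIT
  Routing Instance: default, Gateway Name: IKE_GW1, NATT Detection: Detected(Remote-end)
  Started At: 2023-01-31 00:45:30
IKE peer 200.1.1.2
  Index: 12, Role: Responder, Exchange Type: Main, Authentication Method: Pre-shared-keys
  Remote Port: 500, Local Address: 2.0.0.1, Local Port: 500, Negotiation Phase: INIT
  Routing Instance: default, Gateway Name: IKE_GW1, NATT Detection: Detected(Remote-end)
  Started At: 2023-01-31 00:45:42
"""

PEER_HEADER = re.compile(r"^IKE peer\s+(\S+)$")

def parse_detail(text):
    """Return one dict per 'IKE peer' block of detail output."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = PEER_HEADER.match(line)
        if header:
            current = {"IKE peer": header.group(1)}
            peers.append(current)
        elif current is not None:
            # Fields are "Name: value" pairs joined by ", ". Split on the
            # first ": " only, so the colons in the timestamp survive.
            for field in line.split(", "):
                name, sep, value = field.partition(": ")
                if sep:
                    current[name.strip()] = value.strip()
    return peers

def count_by_peer(peers, role=None):
    """Count records per remote peer, optionally for one role only."""
    return Counter(p["IKE peer"] for p in peers
                   if role is None or p.get("Role") == role)

if __name__ == "__main__":
    print(count_by_peer(parse_detail(SAMPLE), role="Responder"))
```

Lines before the first "IKE peer" header, such as the CLI prompt and the echoed command, are ignored, so captured terminal output can be passed in unchanged.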
Release Information
Command introduced in Junos OS Release 23.4R1