Verifying the IPSec Tunnel Configuration

To verify the IPSec tunnel configuration, perform the following task.

Purpose

Verify that traffic is being sent through the configured IPSec tunnel.

Action

From the CLI, enter the show services ipsec-vpn ipsec statistics command.

Sample Output

PIC: sp-0/0/0, Service set: service-set-1

Local gateway: 1.1.1.1, Remote gateway: 2.2.2.2, Tunnel index: 1
ESP Statistics:
 Encrypted bytes:                0
 Decrypted bytes:                0
 Encrypted packets:              0
 Decrypted packets:              0
AH Statistics:
 Input bytes:                    0
 Output bytes:                   0
 Input packets:                  0
 Output packets:                 0
Errors:
 AH authentication failures: 0, Replay errors: 0
 ESP authentication failures: 0, Decryption errors: 0
 Bad headers: 0 Bad trailers: 0

What it Means

The output shows the statistics for the particular service set that defines the IPSec tunnel, including the local and remote gateway addresses, the number of packets that have been encrypted and transported, and the number of errors and failures. Verify the following information:

• The local and remote tunnel endpoints are configured correctly.
• The number of Authentication Header (AH) and Encapsulation Security Payload (ESP) errors is zero. If these numbers are nonzero, the Services Router might be having a problem either transmitting or receiving encrypted packets through the IPSec tunnel.

For more information about show services ipsec-vpn ipsec statistics, see the JUNOS System Basics and Services Command Reference.