Verifying IPSec Tunnel Statistics

Purpose

Verify that traffic is being sent through the configured IPSec tunnel.

Action

From the CLI, enter the show services ipsec-vpn ipsec statistics command.

PIC: sp-0/0/0, Service set: service-set-1

Local gateway: 1.1.1.1, Remote gateway: 2.2.2.2, Tunnel index: 1
ESP Statistics:
 Encrypted bytes:                0
 Decrypted bytes:                0
 Encrypted packets:              0
 Decrypted packets:              0
AH Statistics:
 Input bytes:                    0
 Output bytes:                   0
 Input packets:                  0
 Output packets:                 0
Errors:
 AH authentication failures: 0, Replay errors: 0
 ESP authentication failures: 0, Decryption errors: 0
 Bad headers: 0 Bad trailers: 0

What it Means

The output shows the statistics for the particular service set that defines the IPSec tunnel, including the local and remote gateway addresses, the number of packets that have been encrypted and transported, and the number of errors and failures. Verify the following information:

• The local and remote tunnel endpoints are configured correctly.
• The number of Authentication Header (AH) and Encapsulation Security Payload (ESP) errors is zero. If these numbers are nonzero, the Services Router might be having a problem either transmitting or receiving encrypted packets through the IPSec tunnel.

Related Topics

For a complete description of show services ipsec-vpn ipsec statistics output, see the JUNOS System Basics and Services Command Reference.