show security ike active-peer

Syntax

Description

Display the list of connected active users with details about the peer addresses and ports they are using.

Options

peer-address

(Optional) Display details about the user with the specified peer address.

aaa-username username

(Optional) Display information about the user with the specified authentication, authorization, and accounting (AAA) username.

brief

(Optional) Display standard information about all users. (Default)

detail

(Optional) Display detailed information about all users.

debug

(Optional) Display debug information about all users.

local-address

Display information about the user with the specified local gateway IP address.

local-ike-id

Display information about the user with the specified local gateway IKE ID.

local-port port-number

Display information about users on the specified local gateway port number for the specified local gateway IP address.

fpc slot-number pic slot-number

(Optional) Display information about users on the specified Flexible PIC Concentrator (FPC) slot and PIC slot.

ike-id IKE-ID

(Optional) Display information about the user with the specified IKE ID.

kmd-instance (all | kmd-instance-name)

(Optional) Display information about users in the key management process (KMD) identified by FPC slot-number and PIC slot-number.

  • all—All KMD instances running on the Services Processing Unit (SPU).

  • kmd-instance-name—Name of the KMD instance running on the SPU.

node-local

(Optional) Display information about users for node-local tunnels in a Multinode High Availability setup.

pic slot-number fpc slot-number

(Optional) Display information about users on the specified PIC slot and FPC slot.

port port-number peer-address

(Optional) Display information about users on the specified port for the specified peer address.

routing-instance

Display information about users on the specified local gateway routing instance.

stats

Display detailed output along with IKE SA stats information accumulated at the peer.

ha-link-encryption

(Optional) Display information related to the interchassis link (ICL) tunnel only. See ipsec (High Availability) and show security ike active-peer ha-link-encryption (SRX5400, SRX5600, SRX5800).

srg-id number

(Optional) Display information related to a specific services redundancy group (SRG) in a Multinode High Availability setup.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security ike active-peer command. Output fields are listed in the approximate order in which they appear.

Table 1: show security ike active-peer Output Fields

| Field Name | Field Description | Level of Output |
| --- | --- | --- |
| Remote Address | IP address of the peer. | brief |
| Port | Port used by the peer. | All levels |
| Peer IKE-ID | IKE ID used by the peer. | All levels |
| AAA username | Username of the peer. | All levels |
| Assigned IP | IP address assigned to the peer. | brief |
| Assigned network attributes | Network attributes assigned to the peer can include the IP address and netmask, and DNS and WINS server addresses. | detail |
| Previous Peer address | IP address previously assigned to the peer. | detail |
| Active IKE SA indexes | Index number of the SA associated with the peer. This number is an internally generated number. | detail |
| IKE SA negotiated | Number of IKE SAs negotiated. | detail |
| IPSec tunnels active | Number of IPsec tunnels active. | detail |
| IPSec Tunnel IDs | IDs of the active IPsec tunnels. | detail |
| DPD Config Info | DPD configuration values. | detail |
| DPD Statistics | Information about DPD operations. | detail |
| Local gateway interface | Interface name of the local gateway. | detail |
| Routing instance | Name of the local gateway routing instance. | detail |
| Local address | IP address of the local gateway. | detail |
| Local IKE-ID | IKE ID used by local gateway. | detail |

Sample Output

show security ike active-peer

show security ike active-peer stats

show security ike active-peer detail

show security ike active-peer srg-id 1

show security ike active-peer node-local

Release Information

Command introduced in Junos OS Release 10.4. Support to display dead peer detection (DPD) statistics added in Junos OS Release 12.3X48-D10.

Support for the ha-link-encryption option added in Junos OS Release 20.4R1.

Support for the srg-id option added in Junos OS Release 22.4R1.

Support for the node-local option added in Junos OS Release 23.2R1.