Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


show ipsec redundancy



(Encryption interface on M Series and T Series routers only) Display information about IPsec redundancy.


interface <es-fpc/pic/port>

Display information about all encryption interfaces, or optionally, about a particular encryption interface.

security-associations <sa-name>

Display information about all remote tunnels, or optionally, about a particular remote tunnel.

Required Privilege Level


Output Fields

Table 1 lists the output fields for the show ipsec redundancy command. Output fields are listed in the approximate order in which they appear.

Table 1: show ipsec redundancy Output Fields

Field Name

Field Description

Failure counter

Number of times a PIC switched between primary and backup interfaces, or the number of times the tunnel switched between the primary and remote peers since the software has been activated.

Primary interface '

Name of the interface configured to be the primary interface.

Backup interface

Name of the interface configured to be the backup interface.


State of the primary or backup interface can be Active, Offline, or Standby. Both ES PICs are initialized to Offline. For primary and remote peers, State can be Active or Standby. Both peers are in a state of Standby by default (there is not yet a connection between the two peers).

Security association

Name of the security association.

Local IP

Local IP address.

Primary remote IP

IP address of the configured primary remote peer.

Backup remote IP

IP address of the configured backup remote peer.

Sample Output

show ipsec redundancy interface

show ipsec redundancy security-associations

Release Information

Command introduced before Junos OS Release 7.4.