Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

show services ipsec-vpn ipsec statistics

Syntax

Description

(Adaptive services interface only) Display IPsec statistics for the specified service set. If no service set is specified, the statistics for all service sets are displayed.

Options

none

Display standard IPsec statistics for all service sets.
brief | detail

(Optional) Display the specified level of output.
remote-gw remote-peer-address

(Optional) Display IPsec statistics for an individual IPsec tunnel and an individual remote host.
service-set service-set-name

(Optional) Display information about a particular service set.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show services ipsec-vpn ipsec statistics command. Output fields are listed in the approximate order in which they appear.

Table 1: show services ipsec-vpn ipsec statistics Output Fields

Field Name

Field Description

Level of Output

PIC

The physical interface on which the IPsec tunnel is configured.

All levels

Service set

Name of the service set for which the IPsec tunnel is defined.

All levels

Local gateway

Gateway address of the local system.

All levels

Remote gateway

Gateway address of the remote system.

All levels

Tunnel index

Numeric identifier of the specific IPsec tunnel for the security association.

All levels

ESP statistics

Encapsulation Security Payload (ESP) statistics:

  • Encrypted bytes—Total number of bytes encrypted by the local system across the IPsec tunnel.

  • Decrypted bytes—Total number of bytes decrypted by the local system across the IPsec tunnel.

  • Encrypted packets—Total number of packets encrypted by the local system across the IPsec tunnel.

  • Decrypted packets—Total number of packets decrypted by the local system across the IPsec tunnel

All levels

AH Statistics

Authentication Header statistics:

  • Input bytes—Total number of bytes received by the local system across the IPsec tunnel.

  • Output bytes—Total number of bytes transmitted by the local system across the IPsec tunnel.

  • Input packets—Total number of packets received by the local system across the IPsec tunnel.

  • Output packets—Total number of packets transmitted by the local system across the IPsec tunnel.

All levels

Errors

  • AH authentication failures—Number of authentication header (AH) failures. An AH failure occurs when there is a mismatch of the authentication header in a packet transmitted across an IPsec tunnel.

  • ESP authentication failures—Number of Encapsulation Security Payload (ESP) failures. An ESP failure occurs when there is an authentication mismatch in ESP packets.

  • ESP Decryption failures—Number of ESP decryption failures.

  • Bad headers—Number of invalid headers detected.

  • Bad trailers—Number of invalid trailers detected.

  • Replay before window drops—Number of replay errors. A replay error is generated when a duplicate packet is received within the replay window.

  • Replayed pkts—Number of packets replayed.

  • IP integrity errors—Number of IP integrity errors.

  • Exceeds tunnel MTU—Number of times the tunnel maximum transmission unit (MTU) value was exceeded.

  • Rule lookup failures—Number of rule lookup failures.

  • No SA errors—Number of errors resulting from a missing security association (SA).

  • Flow errors—Number of flow errors.

  • Misc errors—Number of miscellaneous errors.

All levels

Sample Output

show services ipsec-vpn ipsec statistics detail

show services ipsec-vpn ipsec statistics remote-gw

show services ipsec-vpn ipsec statistics (on ACX500)

Release Information

Command introduced before Junos OS Release 7.4.

New fields added in Junos OS Release 10.0.