Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security group-vpn member ipsec inactive-tunnels

Syntax

Description

Show inactive Group VPNs. Group VPNv2 is supported on SRX300, SRX320, SRX340, SRX345, SRX550HM, SRX1500, SRX4100, SRX4200, and SRX4600 devices and vSRX instances.

Options

none

Display information for all groups.

brief

(Optional) Display summary output.

detail

(Optional) Display detailed output.

group-id group-id

(Optional) Display information for the specified group identifier.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security group-vpn member ipsec inactive-tunnels command. Output fields are listed in the approximate order in which they appear.

Table 1: show security group-vpn member ipsec inactive-tunnels Output Fields

Field Name

Field Description

Server

Server on which group member is registered.

Port

UDP port number.

GId

Group identifier.

lsys

Logical system.

Reason

Reason that the tunnel is inactive:

  • The tunnel was cleared through the CLI.

  • The hard lifetime has expired.

  • There are too many TEKs.

  • There was a configuration change.

  • There was an SA installation error.

  • The TEK is stale.

  • The tunnel was deleted from the server.

Virtual-system

Logical system name.

Group VPN Name

Name of the Group VPN.

Local Gateway

IP address of the local IKE gateway.

GDOI Server

IP address of the group server.

Group Id

Group identifier.

Recovery Probe

Status of the recovery probe, either enabled or disabled (default).

DF-bit

Fragmentation of IPsec traffic on the group member—clear (default), copy, or set.

Stats

Statistics for GDOI groupkey-pull and groupkey-push exchanges, server failovers, deletes received, number of times the maximum number of keys and policies were exceeded, and the number of unsupported algorithms received.

Down Reason

Reason that the tunnel is inactive:

  • The tunnel was cleared through the CLI.

  • The hard lifetime has expired.

  • There are too many TEKs.

  • There was a configuration change.

  • There was an SA installation error.

  • The TEK is stale.

  • The tunnel was deleted from the server.

  • The tunnel is not initiated.

Sample Output

show security group-vpn member ipsec inactive-tunnels

show security group-vpn member ipsec inactive-tunnels detail

Release Information

Command introduced in Junos OS Release 15.1X49-D30.