Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security group-vpn server ipsec security-associations

Syntax

Description

Display IPsec security associations (SAs). Group VPNv2 is supported on SRX300, SRX320, SRX340, SRX345, SRX550HM, SRX1500, SRX4100, SRX4200, and SRX4600 devices and vSRX instances.

Options

  • none—Display all IPsec SAs for all groups.

  • brief—(Optional) Display summary output.

  • detail—(Optional) Display detailed level of output.

  • group—(Optional) Display IPsec SAs for the specified group.

  • group-id—(Optional) Display IPsec SAs for the specified group.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security group-vpn server ipsec security-associations command. Output fields are listed in the approximate order in which they appear.

Table 1: show security group-vpn server ipsec security-associations

Field Name

Field Description

Group

Group name.

Group ID

Group identifier.

Total IPsec SAs

The total number of IPsec SAs for each group is shown.

IPsec SA

Name of the SA.

Protocol

Protocol supported. Transport mode supports Encapsulation Security Protocol (ESP).

Algorithm

Cryptography used to secure exchanges between peers during the IKE Phase 2 negotiations includes

  • An authentication algorithm used to authenticate exchanges between the peers. Options are sha-256 and sha-384.

  • An encryption algorithm used to encrypt data traffic. Options are aes-128-cbc, aes-192-cbc, or aes-256-cbc.

SPI

Security parameter index (SPI) identifier. An SA is uniquely identified by an SPI.

Lifetime

The lifetime of the SA, after which it expires, expressed in seconds.

Policy Name

Group policy associated with the IPsec SA. The source address, destination address, source port, destination port, and protocol defined for the policy are displayed.

Sample Output

show security group-vpn server ipsec security-associations

Sample Output

show security group-vpn server ipsec security-associations detail

Release Information

Command introduced in Junos OS Release 10.2.