Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security ike tunnel-map

Syntax

Description

Display the tunnel mapping on different Services Processing Units (SPUs) for site-to-site and manual VPNs. You can insert an SPC on a device in a chassis cluster without disrupting traffic on the existing VPN tunnels. After inserting the SPC, you can view the tunnel mapping using this command. This feature is supported only on SRX5400, SRX5600, and SRX5800 Series Firewalls and vSRX Virtual Firewall instances.

Options

brief

Display standard information about all existing IKE SAs. This is the default.

fpc slot-number

Display information about existing IKE SAs in the specified Flexible PIC Concentrator (FPC) slot.

kmd-instance (all | kmd-instance-name)

(Optional) Display information about existing IKE SAs in the key management process ( KMD) identified by FPC slot-number and PIC slot-number. This option is used to filter the output. You can specify one of the following options:

  • all—All KMD instances running on the Services Processing Unit (SPU).

  • kmd-instance-name—Name of the KMD instance running on the SPU.

pic slot-number

Display information about existing IKE SAs in the specified PIC slot.

summary

Display the tunnel-mapping load on each SPU. The load is the number of times an SPU has been chosen as an anchor SPU. For site-to-site VPNs, the load should be equal to the number of gateways mapped to an SPU.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security ike tunnel-map command. Output fields are listed in the approximate order in which they appear.

Table 1: show security ike tunnel-map Output Fields

Field Name

Field Descripton

Gateway ID

Gateway identifier. This is a nondeterministic number that is constant as long as the configuration is present. This number does not appear in any other outputs.

Gateway Name

Name of the IKE gateway.

FPC

FPC slot number.

PIC

PIC slot number.

IKED Instance

IKE process instance identifier.

SPU Load

Number of times an SPU has been chosen as an anchor SPU.

Sample Output

show security ike tunnel-map

show security ike tunnel-map brief

show security ike tunnel-map fpc 1 pic 0

show security ike tunnel-map kmd-instance kmd1

show security ike tunnel-map kmd-instance all

show security ike tunnel-map summary

Release Information

Command introduced in Junos OS Release 12.1X44-D10.