show security ipsec tunnel-events-statistics
Syntax
show security ipsec tunnel-events-statistics
Description
Show tunnel event statistics.
Required Privilege Level
view
Sample Output
show security ipsec tunnel-events statistics
user@host> show security ipsec tunnel-events statistics IPSec SA delete payload received from peer : 153 Configuration change triggered clearing of IPSec SA : 1 Peer's remote IKE-ID validation failed during negotiation : 2 Phase1 proposal mismatch detected : 2 Phase2 proposal mismatch detected : 2 Peer proposed traffic-selectors are not in configured range : 8576 Negotiation failed as peer did not respond : 4 IKE SA negotiation successfully completed : 19 IPSec SA negotiation successfully completed : 154 PKI validation failed: Peer's CA not configured in trusted-CA-group in IKE policy : 1 Tunnel is ready. Waiting for trigger event or peer to trigger negotiation : 1
Release Information
Command introduced in Junos OS Release 12.3X48-D10.
Starting with Junos OS Release 15.1X49-D120, you can configure
the CLI option reject-duplicate-connection
at the [edit security ike gateway gateway-name dynamic
] hierarchy level to retain an existing tunnel session and reject
negotiation requests for a new tunnel with the same IKE ID. By default,
an existing tunnel is tear down when a new tunnel with the same IKE
ID is established. The reject-duplicate-connection
option
is only supported when ike-user-type group-ike-id
or ike-user-type shared-ike-id
is configured for the IKE gateway;
the aaa access-profile profile-name
configuration is not supported with this option.
Use the CLI option reject-duplicate-connection
only
when you are certain that reestablishment of a new tunnel with the
same IKE ID should be rejected.