show security group-vpn member ipsec inactive-tunnels

Syntax

Description

Show inactive Group VPNs. Group VPNv2 is supported on SRX300, SRX320, SRX340, SRX345, SRX550HM, SRX1500, SRX4100, SRX4200, and SRX4600 Series Firewalls and vSRX Virtual Firewall instances.

Options

none

Display information for all groups.

brief

(Optional) Display summary output.

detail

(Optional) Display detailed output.

group-id group-id

(Optional) Display information for the specified group identifier.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security group-vpn member ipsec inactive-tunnels command. Output fields are listed in the approximate order in which they appear.

Table 1: show security group-vpn member ipsec inactive-tunnels Output Fields

Field Name

Field Description

Server

Server on which group member is registered.

Port

UDP port number.

GId

Group identifier.

lsys

Logical system.

Reason

Reason that the tunnel is inactive:

  • The tunnel was cleared through the CLI.

  • The hard lifetime has expired.

  • There are too many TEKs.

  • There was a configuration change.

  • There was an SA installation error.

  • The TEK is stale.

  • The tunnel was deleted from the server.

Virtual-system

Logical system name.

Group VPN Name

Name of the Group VPN.

Local Gateway

IP address of the local IKE gateway.

GDOI Server

IP address of the group server.

Group Id

Group identifier.

Recovery Probe

Status of the recovery probe, either enabled or disabled (default).

DF-bit

Fragmentation of IPsec traffic on the group member—clear (default), copy, or set.

Stats

Statistics for GDOI groupkey-pull and groupkey-push exchanges, server failovers, deletes received, number of times the maximum number of keys and policies were exceeded, and the number of unsupported algorithms received.

Down Reason

Reason that the tunnel is inactive:

  • The tunnel was cleared through the CLI.

  • The hard lifetime has expired.

  • There are too many TEKs.

  • There was a configuration change.

  • There was an SA installation error.

  • The TEK is stale.

  • The tunnel was deleted from the server.

  • The tunnel is not initiated.

Sample Output

show security group-vpn member ipsec inactive-tunnels

show security group-vpn member ipsec inactive-tunnels detail

Release Information

Command introduced in Junos OS Release 15.1X49-D30.