show security group-vpn server ipsec security-associations
Syntax
show security group-vpn server ipsec security-associations [brief | detail] [group group-name | group-id group-id]
Description
Display IPsec security associations (SAs). Group VPNv2 is supported on SRX300, SRX320, SRX340, SRX345, SRX550HM, SRX1500, SRX4100, SRX4200, and SRX4600 Series Firewalls and vSRX Virtual Firewall instances.
Options
none—Display all IPsec SAs for all groups.
brief—(Optional) Display summary output.detail—(Optional) Display detailed level of output.group—(Optional) Display IPsec SAs for the specified group.group-id—(Optional) Display IPsec SAs for the specified group.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security group-vpn
server ipsec security-associations command. Output fields are
listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
|
Group name. |
|
Group identifier. |
|
The total number of IPsec SAs for each group is shown. |
|
Name of the SA. |
|
Protocol supported. Transport mode supports Encapsulation Security Protocol (ESP). |
|
Cryptography used to secure exchanges between peers during the IKE Phase 2 negotiations includes
|
|
Security parameter index (SPI) identifier. An SA is uniquely identified by an SPI. |
|
The lifetime of the SA, after which it expires, expressed in seconds. |
|
Group policy associated with the IPsec SA. The source address, destination address, source port, destination port, and protocol defined for the policy are displayed. |
Sample Output
show security group-vpn server ipsec security-associations
user@host> show security group-vpn server ipsec security-associations Group: group200, Group Id: 200 Total IPsec SAs: 1 IPsec SA Algorithm SPI Lifetime sa1 ESP:aes-256/sha-256 55837dfe 17 sa1 ESP:aes-256/sha1-256 760088d 137
Sample Output
show security group-vpn server ipsec security-associations detail
user@host> show security group-vpn server ipsec security-associations detail
Group: group1, Group Id: 1
Total IPsec SAs: 10
IPsec SA: sa1
Protocol: ESP, Authentication: sha-256, Encryption: aes-256
Anti-replay: D3P enabled, window size 10 milliseconds
SPI: e68c9525
Lifetime: Expires in 66 seconds, Activated
Policy Name: pol1
Source: 192.168.1.0/24
Destination: 192.168.1.0/24
Source Port: 0
Destination Port: 0
Protocol: 0
IPsec SA: sa1
Protocol: ESP, Authentication: sha-256, Encryption: aes-256
Anti-replay: D3P enabled, window size 10 milliseconds
SPI: 7ee14902
Lifetime: Expires in 276 seconds, Activated in 36 seconds
Rekey in 186 seconds
Policy Name: pol1
Source: 192.168.1.0/24
Destination: 192.168.1.0/24
Source Port: 0
Destination Port: 0
Protocol: 0
Release Information
Command introduced in Junos OS Release 10.2.