show security host-vpn security-associations
Syntax
show security host-vpn security-associations <connection-name>
Description
Display the protection details about a specified security association or all security associations.
Options
connection-name | Specify the connection for which information is displayed. If no connection-name is specified, information for all security associations is displayed. |
Additional Information
The Security Parameters Index (SPI) is an arbitrary value which is used (together with the destination IP address) to identify the security association of the receiving party. Each IPsec datagram has a special field for the SPI. All datagrams in the SA will use the same SPI value in this field.
Required Privilege Level
view
Output Fields
Table 1 describes the output fields for the show security host-vpn security-associations command. Output fields are listed in the approximate order in which they appear.
Field Name | Description |
---|---|
IKE SA | Name of the security association connection. |
ID | Identifier of the security association. |
State | State of the parent SA connection. Values include the following: |
(I:R) | Initiator and responder cookie. |
local | Local endpoint information and identities. |
remote | Remote endpoint information and identities. |
crypto | Negotiated encryption details in effect (one for each IKE SA and child SA). |
established | How long ago the SA was established, and when it rekeys. |
Child SA | Name of the child SA. |
State | State of the child SA connection. Values include the following: |
mode | IPsec mode: ( |
in spi | Inbound SPI values. Also shows the number of bytes and packets encrypted. |
out spi | Outbound SPI values. Also shows the number of bytes and packets encrypted. |
local ts | The local traffic selector (that is, what local traffic is protected). |
remote ts | The remote traffic selector (that is, what remote traffic is protected). |
Sample Output
show security host-vpn security-associations
```
user@host> show security host-vpn security-associations
IKE SA : leftT1, ID:1, State:ESTABLISHED, IKEv2, (I:R):96e7757f275c3aa1:ff01ca9e7c4590b2
  local : 10.102.227.201, id:vm1@juniper.net
  remote: 10.102.228.200, id:vm1@juniper.net
  crypto: AES_CBC-256/HMAC_SHA2_384_192-0/PRF_HMAC_SHA2_384/ECP_384
  established 57s ago, rekey in 3295s
  Child SA : childLeft1, ID:1, State:INSTALLED, mode:TUNNEL
    crypto : ESP: AES_GCM_16-256-0
    in spi : c5dfd0be, 5541188 bytes, 105772 packets
    out spi : c39dbd67, 322089572 bytes, 224729 packets
    installed: 58 s ago, rekey in 3264 s, expires in 3903 s
    local ts : [10.102.227.201/32[tcp]]
    remote ts: [10.102.228.200/32[tcp/afs3-callback]]
IKE SA : leftT2, ID:2, State:ESTABLISHED, IKEv2, (I:R):2bd786adf65eb875:0546171950dbb490
  local : 10.102.227.201, id:vm2@juniper.net
  remote: 10.102.228.200, id:vm2@juniper.net
  crypto: AES_CBC-256/HMAC_SHA2_384_192-0/PRF_HMAC_SHA2_384/ECP_384
  established 57s ago, rekey in 3475s
  Child SA : childLeft2, ID:2, State:INSTALLED, mode:TUNNEL
    crypto : ESP: AES_GCM_16-256-0
    in spi : c0a912ee, 40 bytes, 1 packets
    out spi : c52e4bf0, 60 bytes, 1 packets
    installed: 57 s ago, rekey in 3262 s, expires in 3903 s
    local ts : [10.102.227.201/32[tcp]]
    remote ts: [10.102.228.200/32[tcp/afs3-prserver]]
```
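The Additional Information note says an SA is identified by its SPI together with the destination IP address. As an added example (not Juniper code), the Python below parses text in the layout of the Sample Output and builds that lookup, so an ESP packet seen in a capture can be matched to a named child SA. The function names, regular expressions and all sample values are assumptions made for this example.

```python
import re

# Constructed input in the layout of the Sample Output; every value is made up.
TEMPLATE = """IKE SA : {n}, ID:{i}, State:ESTABLISHED, IKEv2, (I:R):{i:016x}:{i:016x}
 local : 192.0.2.1, id:a@example.net
 remote: {r}, id:b@example.net
 crypto: AES_CBC-256/HMAC_SHA2_384_192-0/PRF_HMAC_SHA2_384/ECP_384
 established 57s ago, rekey in 3295s
 Child SA : child{i}, ID:{i}, State:INSTALLED, mode:TUNNEL
  crypto : ESP: AES_GCM_16-256-0
  in spi : aaaa000{i}, 400 bytes, 4 packets
  out spi : bbbb000{i}, 600 bytes, 6 packets
  installed: 58 s ago, rekey in 3264 s, expires in 3903 s
  local ts : [192.0.2.1/32[tcp]]
  remote ts: [{r}/32[tcp]]
"""
SAMPLE = TEMPLATE.format(n="siteA", i=1, r="198.51.100.1") + TEMPLATE.format(n="siteB", i=2, r="203.0.113.9")

# Whitespace-tolerant patterns, so output flattened onto one line parses as well.
IKE_RE = re.compile(r"""IKE\s+SA\s*:\s*(?P<name>[^,\s]+),\s*ID:(?P<id>\d+),\s*State:(?P<state>\w+)
    .*?\blocal\s*:\s*(?P<local>[^,\s]+),.*?\bremote\s*:\s*(?P<remote>[^,\s]+),""", re.S | re.X)
CHILD_RE = re.compile(r"""Child\s+SA\s*:\s*(?P<name>[^,\s]+),\s*ID:(?P<id>\d+),\s*State:(?P<state>\w+),\s*mode:(?P<mode>\w+)
    .*?\bin\s+spi\s*:\s*(?P<in_spi>[0-9a-fA-F]+),\s*(?P<in_bytes>\d+)\s+bytes
    .*?\bout\s+spi\s*:\s*(?P<out_spi>[0-9a-fA-F]+),\s*(?P<out_bytes>\d+)\s+bytes""", re.S | re.X)


def parse_sas(text):
    """Return one dict per IKE SA, each carrying its child SAs under 'children'."""
    sas = []
    for block in re.split(r"(?=IKE\s+SA\s*:)", text):
        head = IKE_RE.search(block)
        if head:  # skips any preamble such as the CLI prompt line
            children = [c.groupdict() for c in CHILD_RE.finditer(block)]
            sas.append({**head.groupdict(), "children": children})
    return sas


def spi_index(sas):
    """Map (destination IP, SPI) -> (IKE SA name, child SA name, direction)."""
    idx = {}
    for sa in sas:
        for ch in sa["children"]:
            # Inbound ESP is addressed to the local endpoint, outbound to the remote one.
            idx[(sa["local"], ch["in_spi"].lower())] = (sa["name"], ch["name"], "in")
            idx[(sa["remote"], ch["out_spi"].lower())] = (sa["name"], ch["name"], "out")
    return idx
```
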
Release Information
Command introduced in Junos OS Evolved Release 18.3R1.