show security ike tunnel-map
Syntax
show security ike tunnel-map (<brief | summary>) <fpc slot-number> <kmd-instance (all | kmd-instance-name)> <pic slot-number>
Description
Display the tunnel mapping on different Services Processing Units (SPUs) for site-to-site and manual VPNs. You can insert an SPC on a device in a chassis cluster without disrupting traffic on the existing VPN tunnels. After inserting the SPC, you can view the tunnel mapping using this command. This feature is supported only on SRX5400, SRX5600, and SRX5800 Series Firewalls and vSRX Virtual Firewall instances.
Options
| brief | Display standard information about all existing IKE SAs. This is the default. |
| fpc slot-number | Display information about existing IKE SAs in the specified Flexible PIC Concentrator (FPC) slot. |
| kmd-instance (all | kmd-instance-name) | (Optional) Display information about existing IKE SAs in the key management process ( KMD) identified by FPC slot-number and PIC slot-number. This option is used to filter the output. You can specify one of the following options:
|
| pic slot-number | Display information about existing IKE SAs in the specified PIC slot. |
| summary | Display the tunnel-mapping load on each SPU. The load is the number of times an SPU has been chosen as an anchor SPU. For site-to-site VPNs, the load should be equal to the number of gateways mapped to an SPU. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security ike tunnel-map command. Output fields are listed in the approximate order in which
they appear.
Field Name |
Field Descripton |
|---|---|
Gateway ID |
Gateway identifier. This is a nondeterministic number that is constant as long as the configuration is present. This number does not appear in any other outputs. |
Gateway Name |
Name of the IKE gateway. |
FPC |
FPC slot number. |
PIC |
PIC slot number. |
IKED Instance |
IKE process instance identifier. |
SPU Load |
Number of times an SPU has been chosen as an anchor SPU. |
Sample Output
- show security ike tunnel-map
- show security ike tunnel-map brief
- show security ike tunnel-map fpc 1 pic 0
- show security ike tunnel-map kmd-instance kmd1
- show security ike tunnel-map kmd-instance all
- show security ike tunnel-map summary
show security ike tunnel-map
user@host> show security ike tunnel-map
Gateway ID Gateway Name FPC PIC IKED Instance
2 ike_gw1 4 0 1
3 ike_gw2 7 0 1
4 ike_gw3 7 0 2
5 ike_gw4 4 0 2
show security ike tunnel-map brief
user@host> show security ike tunnel-map brief
Gateway ID Gateway Name FPC PIC IKED Instance
2 gw-01 1 0 1
3 LAN_1 1 0 2
4 LAN_2 1 0 1
5 LAN_3 1 0 2
6 LAN_4 1 0 1 show security ike tunnel-map fpc 1 pic 0
user@host> run show security ike tunnel-map fpc 1 pic 0
Gateway ID Gateway Name FPC PIC IKED Instance
2 gw-01 1 0 1
3 LAN_1 1 0 2
4 LAN_2 1 0 1
5 LAN_3 1 0 2
6 LAN_4 1 0 1 show security ike tunnel-map kmd-instance kmd1
user@host> show security ike tunnel-map kmd-instance kmd1
Gateway ID Gateway Name FPC PIC IKED Instance
2 gw-01 1 0 1
4 LAN_2 1 0 1
6 LAN_4 1 0 1 show security ike tunnel-map kmd-instance all
user@host> show security ike tunnel-map kmd-instance all
Gateway ID Gateway Name FPC PIC IKED Instance
2 gw-01 1 0 1
3 LAN_1 1 0 2
4 LAN_2 1 0 1
5 LAN_3 1 0 2
6 LAN_4 1 0 1 show security ike tunnel-map summary
user@host> show security ike tunnel-map summary FPC PIC SPU Load 1 0 5
Release Information
Command introduced in Junos OS Release 12.1X44-D10.