show security ipsec statistics
Syntax
show security ipsec statistics
<fpc slot-number>
<index SA-index-number>
<pic slot-number>
<srg-id id-number>
<ha-link-encryption>
Description
Display standard IPsec statistics.
Options
-
none—Display statistics about all IPsec security associations (SAs).
-
fpc
slot-number
—Specific to SRX Series Firewalls. Display statistics about existing IPsec SAs in this Flexible PIC Concentrator (FPC) slot. This option is used to filter the output. -
index
SA-index-number
—(Optional) Display statistics for the SA with this index number. -
srg-id
id-number
—(Optional) Display information related to a specific services redundancy group (SRG) in a Multinode High Availability setup.
-
pic
slot-number
—Specific to SRX Series Firewalls. Display statistics about existing IPsec SAs in this PIC slot. This option is used to filter the output.
-
ha-link-encryption
—(Optional) Display information related to interchassis link tunnel only. See ipsec (High Availability) and show security ipsec statistics ha-link-encryption (SRX5400, SRX5600, SRX5800).
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the
show security ipsec statistics
command. Output fields are listed in the
approximate order in which they appear.
Field Name |
Field Description |
---|---|
|
The root system. |
|
|
|
|
|
|
Multi-sa tunnel statistics |
|
Sample Output
- show security ipsec statistics
- show security ipsec statistics index 131073
- show security ipsec statistics fpc 6 pic 1 (SRX Series Firewalls)
- show security ipsec statistics ha-link-encryption (SRX5400, SRX5600, SRX5800)
- show security ipsec statistics (MX-SPC3)
- show security ipsec statistics srg-id <srg-id>
- show security ipsec statistics (MX304)
- show security ipsec statistics index <index-number> (forwarding class details)
show security ipsec statistics
user@host> show security ipsec statistics Virtual-system: Root ESP Statistics: Encrypted bytes: 0 Decrypted bytes: 0 Encrypted packets: 0 Decrypted packets: 0 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0 Invalid SPI: 0, TS check fail: 0 Discarded: 0
show security ipsec statistics index 131073
user@host> show security ipsec statistics index 131073 ESP Statistics: Encrypted bytes: 952 Decrypted bytes: 588 Encrypted packets: 7 Decrypted packets: 7 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0 Invalid SPI: 0, TS check fail: 0 Discarded: 0 FC Name Encrypted Pkts Decrypted Pkts Encrypted bytes Decrypted bytes best-effort 7 7 952 588 custom_q1 0 0 0 0 custom_q2 0 0 0 0 network-control 0 0 0 0 custom_q4 0 0 0 0 custom_q5 0 0 0 0 custom_q6 0 0 0 0 custom_q7 0 0 0 0 default 0 0 0 0
Starting with Junos OS Release 18.2R1, the CLI show security ipsec statistics
index 131073 index-number
output displays statistics for
each forwarding class name.
show security ipsec statistics fpc 6 pic 1 (SRX Series Firewalls)
user@host> show security ipsec statistics fpc 6 pic 1 ESP Statistics: Encrypted bytes: 536408 Decrypted bytes: 696696 Encrypted packets: 1246 Decrypted packets: 888 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0 Invalid SPI: 0, TS check fail: 0 Discarded: 0
show security ipsec statistics ha-link-encryption (SRX5400, SRX5600, SRX5800)
Starting in Junos OS Release 20.4R1, when you configure the high availability (HA) feature, you can use this show command to view only interchassis link tunnel details. The following command displays only link encryption tunnel statistics on both nodes.
user@host> show security ipsec statistics ha-link-encryption ESP Statistics: Encrypted bytes: 10376 Decrypted bytes: 4996 Encrypted packets: 96 Decrypted packets: 96 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0 Invalid SPI: 0, TS check fail: 0 Discarded: 0
show security ipsec statistics (MX-SPC3)
Starting with Junos OS Release 21.3R1, a new field Tunnel MTU in
the output of the CLI show security ipsec statistics
displays the option
configured under ipsec vpn hub-to-spoke-vpn tunnel-mtu
hierarchy.
user@host> show security ipsec statistics Encrypted bytes: 0 Decrypted bytes: 0 Encrypted packets: 0 Decrypted packets: 0 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0 Invalid SPI: 0, TS check fail: 0 Exceeds tunnel MTU: 0 -------- New counter Discarded: 0
show security ipsec statistics srg-id <srg-id>
user@host> show security ipsec statistics srg-id 1 ESP Statistics: Encrypted bytes: 10646 Decrypted bytes: 4296 Encrypted packets: 96 Decrypted packets: 96 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0 Invalid SPI: 0, TS check fail: 0 Exceeds tunnel MTU: 0 Discarded: 0
show security ipsec statistics (MX304)
user@host> show security ipsec statistics ESP Statistics: Encrypted bytes: 724710 Decrypted bytes: 950040 Encrypted packets: 3045 Decrypted packets: 3045 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0
show security ipsec statistics index <index-number> (forwarding class details)
user@host> show security ipsec statistics index 67108865 ESP Statistics: Encrypted bytes: 0 Decrypted bytes: 0 Encrypted packets: 0 Decrypted packets: 0 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0 FC-name Encrypted pkts Encrypted bytes Decrypted pkts Decrypted bytes default 10 840 10 840 voip-data 100 8400 100 8400 web-data 200 16800 200 16800
Release Information
Command introduced in Junos OS Release 8.5. fpc
and pic
options added in Junos OS Release
9.3.
Support for the ha-link-encryption
option added in Junos OS Release
20.4R1.
Support for the srg-id
option added in Junos OS Release 22.4R1.