show security ipsec statistics
Syntax
show security ipsec statistics
<fpc slot-number>
<index SA-index-number>
<pic slot-number>
<srg-id id-number>
<ha-link-encryption>
Description
Display standard IPsec statistics.
Options
none—Display statistics about all IPsec security associations (SAs).
fpc slot-number—Specific to SRX Series Firewalls. Display statistics about existing IPsec SAs in this Flexible PIC Concentrator (FPC) slot. This option is used to filter the output.
index SA-index-number—(Optional) Display statistics for the SA with this index number.
srg-id id-number—(Optional) Display information related to a specific services redundancy group (SRG) in a Multinode High Availability setup.
pic slot-number—Specific to SRX Series Firewalls. Display statistics about existing IPsec SAs in this PIC slot. This option is used to filter the output.
ha-link-encryption—(Optional) Display information related to interchassis link tunnel only. See ipsec (High Availability) and show security ipsec statistics ha-link-encryption (SRX5400, SRX5600, SRX5800).
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security ipsec statistics command.
Output fields are listed in the approximate order in which they appear.
Field Name | Field Description
---|---
 | The root system.
Sample Output
show security ipsec statistics
```
user@host> show security ipsec statistics
Virtual-system: Root
ESP Statistics:
  Encrypted bytes: 0
  Decrypted bytes: 0
  Encrypted packets: 0
  Decrypted packets: 0
AH Statistics:
  Input bytes: 0
  Output bytes: 0
  Input packets: 0
  Output packets: 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
  Invalid SPI: 0, TS check fail: 0
  Discarded: 0
```
Sample Output
show security ipsec statistics index 131073
```
user@host> show security ipsec statistics index 131073
ESP Statistics:
  Encrypted bytes: 952
  Decrypted bytes: 588
  Encrypted packets: 7
  Decrypted packets: 7
AH Statistics:
  Input bytes: 0
  Output bytes: 0
  Input packets: 0
  Output packets: 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
  Invalid SPI: 0, TS check fail: 0
  Discarded: 0

FC Name          Encrypted Pkts  Decrypted Pkts  Encrypted bytes  Decrypted bytes
best-effort      7               7               952              588
custom_q1        0               0               0                0
custom_q2        0               0               0                0
network-control  0               0               0                0
custom_q4        0               0               0                0
custom_q5        0               0               0                0
custom_q6        0               0               0                0
custom_q7        0               0               0                0
default          0               0               0                0
```
Starting with Junos OS Release 18.2R1, the CLI show security ipsec statistics index 131073 index-number output displays statistics for each forwarding class name.
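For monitoring, the counters under Errors are the part of this output worth tracking between polls. The following Python sketch is an added example, not Juniper code: it parses the command output into sections and reports which error counters increased between two snapshots. The function names are hypothetical and the sample text is constructed from the layout shown above, with non-zero error values added for illustration.

```python
import re

# Constructed sample: same layout as the `index` sample output on this page,
# with non-zero error counters added for illustration.
SAMPLE = """\
ESP Statistics:
  Encrypted bytes: 952
  Decrypted bytes: 588
  Encrypted packets: 7
  Decrypted packets: 7
AH Statistics:
  Input bytes: 0
  Output bytes: 0
  Input packets: 0
  Output packets: 0
Errors:
  AH authentication failures: 0, Replay errors: 3
  ESP authentication failures: 2, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
  Invalid SPI: 0, TS check fail: 0
  Discarded: 5
"""

SECTION = re.compile(r"^\s*(ESP Statistics|AH Statistics|Errors):\s*$")
COUNTER = re.compile(r"([A-Za-z][A-Za-z \-]*?):\s*(\d+)")

def parse_ipsec_stats(text):
    """Return {section: {counter: int}} for the counter lines of the output."""
    stats, section = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            stats[section] = {}
            continue
        if section is None:
            continue  # prompt or Virtual-system line before the first section
        # Error lines carry two "name: value" pairs separated by a comma;
        # forwarding-class table rows have no colon and are ignored.
        for name, value in COUNTER.findall(line):
            stats[section][name.strip()] = int(value)
    return stats

def error_deltas(previous, current):
    """Error counters that increased between two parsed snapshots."""
    prev = previous.get("Errors", {})
    return {k: v - prev.get(k, 0)
            for k, v in current.get("Errors", {}).items() if v > prev.get(k, 0)}

if __name__ == "__main__":
    print(error_deltas({}, parse_ipsec_stats(SAMPLE)))
```

Comparing against the previous poll rather than alerting on any non-zero value matters because these counters are cumulative in the output shown.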
Sample Output
- show security ipsec statistics fpc 6 pic 1 (SRX Series Firewalls)
- show security ipsec statistics ha-link-encryption (SRX5400, SRX5600, SRX5800)
- show security ipsec statistics (MX-SPC3)
- show security ipsec statistics (MX304)
show security ipsec statistics fpc 6 pic 1 (SRX Series Firewalls)
```
user@host> show security ipsec statistics fpc 6 pic 1
ESP Statistics:
  Encrypted bytes: 536408
  Decrypted bytes: 696696
  Encrypted packets: 1246
  Decrypted packets: 888
AH Statistics:
  Input bytes: 0
  Output bytes: 0
  Input packets: 0
  Output packets: 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
  Invalid SPI: 0, TS check fail: 0
  Discarded: 0
```
show security ipsec statistics ha-link-encryption (SRX5400, SRX5600, SRX5800)
Starting in Junos OS Release 20.4R1, when you configure the high availability (HA) feature, you can use this show command to view only interchassis link tunnel details. The following command displays only link encryption tunnel statistics on both nodes.
```
user@host> show security ipsec statistics ha-link-encryption
ESP Statistics:
  Encrypted bytes: 10376
  Decrypted bytes: 4996
  Encrypted packets: 96
  Decrypted packets: 96
AH Statistics:
  Input bytes: 0
  Output bytes: 0
  Input packets: 0
  Output packets: 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
  Invalid SPI: 0, TS check fail: 0
  Discarded: 0
```
show security ipsec statistics (MX-SPC3)
Starting with Junos OS Release 21.3R1, a new field Tunnel MTU in the output of the CLI show security ipsec statistics displays the option configured under the ipsec vpn hub-to-spoke-vpn tunnel-mtu hierarchy.
```
user@host> show security ipsec statistics
  Encrypted bytes: 0
  Decrypted bytes: 0
  Encrypted packets: 0
  Decrypted packets: 0
AH Statistics:
  Input bytes: 0
  Output bytes: 0
  Input packets: 0
  Output packets: 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
  Invalid SPI: 0, TS check fail: 0
  Exceeds tunnel MTU: 0 -------- New counter
  Discarded: 0
```
```
user@host> show security ipsec statistics srg-id 1
ESP Statistics:
  Encrypted bytes: 10646
  Decrypted bytes: 4296
  Encrypted packets: 96
  Decrypted packets: 96
AH Statistics:
  Input bytes: 0
  Output bytes: 0
  Input packets: 0
  Output packets: 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
  Invalid SPI: 0, TS check fail: 0
  Exceeds tunnel MTU: 0
  Discarded: 0
```
show security ipsec statistics (MX304)
```
user@host> show security ipsec statistics
ESP Statistics:
  Encrypted bytes: 724710
  Decrypted bytes: 950040
  Encrypted packets: 3045
  Decrypted packets: 3045
AH Statistics:
  Input bytes: 0
  Output bytes: 0
  Input packets: 0
  Output packets: 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
```
Release Information
Command introduced in Junos OS Release 8.5. fpc and pic options added in Junos OS Release 9.3.
Support for the ha-link-encryption option added in Junos OS Release 20.4R1.
Support for the srg-id option added in Junos OS Release 22.4R1.