show security ipsec tunnel-events-statistics
Syntax
show security ipsec tunnel-events-statistics
Description
Show tunnel event statistics.
Required Privilege Level
view
Sample Output
- show security ipsec tunnel-events statistics
- show security ipsec tunnel-events statistics (identity-management)
show security ipsec tunnel-events statistics
user@host> show security ipsec tunnel-events statistics IPSec SA delete payload received from peer : 153 Configuration change triggered clearing of IPSec SA : 1 Peer's remote IKE-ID validation failed during negotiation : 2 Phase1 proposal mismatch detected : 2 Phase2 proposal mismatch detected : 2 Peer proposed traffic-selectors are not in configured range : 8576 Negotiation failed as peer did not respond : 4 IKE SA negotiation successfully completed : 19 IPSec SA negotiation successfully completed : 154 PKI validation failed: Peer's CA not configured in trusted-CA-group in IKE policy : 1 Tunnel is ready. Waiting for trigger event or peer to trigger negotiation : 1
show security ipsec tunnel-events statistics (identity-management)
user@host> show security ipsec tunnel-events statistics IPsec SA negotiation succeeds : 1 IPsec SA rekey succeeds : 11 IPsec SA identity-management tunnel create event sent : 1 IPsec SA identity-management tunnel rekey event sent : 11 IPsec SA identity-management tunnel delete event sent : 1
Release Information
Command introduced in Junos OS Release 12.3X48-D10.
Starting with Junos OS Release 15.1X49-D120, you can configure the CLI option
reject-duplicate-connection at the [edit security ike
gateway gateway-name dynamic] hierarchy level to
retain an existing tunnel session and reject negotiation requests for a new tunnel
with the same IKE ID. By default, an existing tunnel is tear down when a new tunnel
with the same IKE ID is established. The
reject-duplicate-connection option is only supported when
ike-user-type group-ike-id or ike-user-type
shared-ike-id is configured for the IKE gateway; the aaa
access-profile profile-name configuration is not
supported with this option.
Use the CLI option reject-duplicate-connection only when you are
certain that reestablishment of a new tunnel with the same IKE ID should be
rejected.
Support for identity-management statistics added in Junos OS Release
24.4R1.