/
show ipsec sa

show ipsec sa

Owned by Jean-luc KRIKER, created
Feb 17, 2025
2 min read
headerFTU.jpg

 

 

 

 

 

jlk-v600JLK1#show crypto ipsec sa interface: Tunnel 11 Crypto map tag: Ikev2IpsecProfile-1-internet, local addr 198.51.100.5 protected vrf: default local ident (addr/mask/prot/port): (198.51.100.5/255.255.255.255/47/0) remote ident (addr/mask/prot/port): (176.149.235.201/255.255.255.255/47/0) current_peer 176.149.235.201 #pkts encaps: 6144, #pkts encrypt: 6144, #pkts digest: 6144 #pkts decaps: 10653, #pkts decrypt: 10653, #pkts verify: 10653 #send errors 0, #recv errors 0 inbound esp sas: spi: 0x110821A(17859098) transform: esp-aes-gcm-256 null , in use settings = {transport UDP-Encaps, } crypto map: Ikev2IpsecProfile-1-internet sa timing: remaining key lifetime (sec): (1570) kilobyte volume rekey has been disabled remaining idletime (sec): N/A replay detection support: N PFS (Y/N): Y, DH group: 20 Status: ACTIVE outbound esp sas: spi: 0x12556D5(19224277) transform: esp-aes-gcm-256 null , in use settings = {transport UDP-Encaps, } crypto map: Ikev2IpsecProfile-1-internet sa timing: remaining key lifetime (sec): (1570) kilobyte volume rekey has been disabled remaining idletime (sec): N/A replay detection support: N PFS (Y/N): Y, DH group: 20 Status: ACTIVE interface: Tunnel 12 Crypto map tag: Ikev2IpsecProfile-1-mpls, local addr 198.51.100.9 protected vrf: default local ident (addr/mask/prot/port): (198.51.100.9/255.255.255.255/47/0) remote ident (addr/mask/prot/port): (176.149.235.201/255.255.255.255/47/0) current_peer 176.149.235.201 #pkts encaps: 10498, #pkts encrypt: 10498, #pkts digest: 10498 #pkts decaps: 10657, #pkts decrypt: 10657, #pkts verify: 10657 #send errors 0, #recv errors 0 inbound esp sas: spi: 0x16F7E7A(24084090) transform: esp-aes-gcm-256 null , in use settings = {transport UDP-Encaps, } crypto map: Ikev2IpsecProfile-1-mpls sa timing: remaining key lifetime (sec): (1566) kilobyte volume rekey has been disabled remaining idletime (sec): N/A replay detection support: N PFS (Y/N): Y, DH group: 20 Status: ACTIVE outbound esp sas: spi: 0x1F94804(33114116) transform: esp-aes-gcm-256 null , in use settings = {transport UDP-Encaps, } crypto map: Ikev2IpsecProfile-1-mpls sa timing: remaining key lifetime (sec): (1566) kilobyte volume rekey has been disabled remaining idletime (sec): N/A replay detection support: N PFS (Y/N): Y, DH group: 20 Status: ACTIVE jlk-v600JLK1#

 

 

 

 

 

Related content

Show command IPsec
Show command IPsec
Juniper Security
More like this
Crypto IPsec
Crypto IPsec
Ekinops
More like this
Troubleshoot IPsec issues
Troubleshoot IPsec issues
Juniper Security
More like this
ipsec troubleshooting with traceoptions
ipsec troubleshooting with traceoptions
Juniper Security
More like this
AJSEC Lab1 Layer2 security
AJSEC Lab1 Layer2 security
Juniper Security
More like this
Remote access IPsec Configureation
Remote access IPsec Configureation
Juniper Security
More like this