show vpn ipsec sa detail
Provides detailed information about active IPsec security associations.
- peer: The peer to display information about.
- tunnel: The tunnel to display information about. The number ranges from 0 through 4294967295.
Operational mode
Use this command to display detailed information about remote VPN peers and IPsec security associations (SAs) currently in effect.
The following example shows the output of the show vpn ipsec sa detail command.
vyatta@WEST> show vpn ipsec sa detail
------------------------------------------------------------------
Peer IP: 190.160.3.2
Peer ID: 190.160.3.2
Local IP: 190.160.2.1
Local ID: 190.160.2.1
NAT Traversal: no
NAT Source Port: 500
NAT Dest Port: 500
Tunnel 1:
State: up
Inbound SPI: c76eac7d
Outbound SPI: c29b9e88
Encryption: aes256
Hash: md5
DH Group: 5
Local Net: 190.160.1.0/24
Local Protocol: all
Local Port: all
Remote Net: 190.160.4.0/24
Remote Protocol: all
Remote Port: all
Inbound Bytes: 0.0
Outbound Bytes: 0.0
Inbound Blocked: no
Outbound Blocked: no
Active Time (s): 6
Lifetime (s): 1800
vyatta@WEST>
The following example shows the output of the show vpn ipsec sa detail peer peer command for an x509 tunnel (note the “CA” information).
vyatta@WEST> show vpn ipsec sa detail peer 190.160.3.2
------------------------------------------------------------------
Peer IP: 190.160.3.2
Peer ID: 190.160.3.2
Local IP: 190.160.3.1
Local ID: 190.160.3.1
NAT Traversal: no
NAT Source Port: 500
NAT Dest Port: 500
Tunnel 1:
State: up
Inbound SPI: cadcb2d6
Outbound SPI: c4d66a6c
Encryption: aes256
Hash: md5
DH Group: 5
Local Net: 192.85.1.0/24
Local Protocol: all
Local Port: all
Remote Net: 193.85.1.0/24
Remote Protocol: all
Remote Port: all
Inbound Bytes: 0.0
Outbound Bytes: 0.0
Inbound Blocked: no
Outbound Blocked: no
Active Time (s): 121
Lifetime (s): 1800
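Both outputs above report the negotiated Encryption, Hash and DH Group for each tunnel, so the command can feed a configuration audit. The following Python code is an added example, not part of the Vyatta documentation: it parses the detail output into peers and tunnels and lists every parameter that an assumed policy treats as weak. The function names, the WEAK policy table and the abridged sample input are constructed for illustration.

```python
import re

# Constructed sample: abridged from the command output shown on this page.
SAMPLE = """\
Peer IP: 190.160.3.2
Local IP: 190.160.2.1
NAT Traversal: no
Tunnel 1:
State: up
Encryption: aes256
Hash: md5
DH Group: 5
Local Net: 190.160.1.0/24
Remote Net: 190.160.4.0/24
Lifetime (s): 1800
"""

# Assumed audit policy (not from the Vyatta documentation): values treated as weak.
WEAK = {"Hash": {"md5"}, "DH Group": {"1", "2", "5"},
        "Encryption": {"des", "3des"}}

def parse_sa_detail(text):
    """Return a list of peers, each with its fields and a dict of tunnels."""
    peers, peer, tunnel = [], None, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"Tunnel (\d+):", line)
        if m and peer is not None:
            tunnel = peer["tunnels"].setdefault(int(m.group(1)), {})
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue  # separator rows, CLI prompts, blank lines
        if key == "Peer IP":  # each peer block starts with this field
            peer, tunnel = {"tunnels": {}}, None
            peers.append(peer)
        if peer is not None:
            (tunnel if tunnel is not None else peer)[key] = value.strip()
    return peers

def audit(peers):
    """Return (peer_ip, tunnel, field, value) for every weak parameter in use."""
    return [(p["Peer IP"], n, f, t[f])
            for p in peers for n, t in sorted(p["tunnels"].items())
            for f in WEAK if t.get(f, "").lower() in WEAK[f]]

if __name__ == "__main__":
    for finding in audit(parse_sa_detail(SAMPLE)):
        print("weak parameter: peer %s tunnel %s %s=%s" % finding)
```

Fields that appear before the first "Tunnel N:" line are stored on the peer; everything after it is stored on that tunnel, so a peer with several tunnels is audited tunnel by tunnel.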