Vyatta Network OS Documentation

show vpn ipsec sa detail

Provides detailed information about active IPsec security associations.

show vpn ipsec sa detail [ peer peer [ tunnel tunnel ] ]
peer
The peer to display information about.
tunnel
The tunnel to display information about. The number ranges from 0 through 4294967295.

Operational mode

Use this command to display detailed information about remote VPN peers and IPsec security associations (SAs) currently in effect.

The following example shows the output of the show vpn ipsec sa detail command. The Encryption, Hash, and DH Group fields report the algorithms actually negotiated for the tunnel, which may differ from what was intended if the peer proposed something weaker. In this example the tunnel uses MD5 (HMAC-MD5) for integrity and DH group 5 (1536-bit MODP); both are legacy choices, and current guidance is to use SHA-2 and DH group 14 or stronger. The Inbound Blocked and Outbound Blocked fields show whether traffic is being dropped for the tunnel, and zero byte counters on a tunnel that has been up for some time usually indicate a selector or routing mismatch rather than a healthy SA.

vyatta@WEST> show vpn ipsec sa detail
------------------------------------------------------------------
Peer IP:                190.160.3.2
Peer ID:                190.160.3.2
Local IP:               190.160.2.1
Local ID:               190.160.2.1
NAT Traversal:          no
NAT Source Port:        500
NAT Dest Port:          500

    Tunnel 1:
        State:                  up
        Inbound SPI:            c76eac7d
        Outbound SPI:           c29b9e88
        Encryption:             aes256
        Hash:                   md5
        DH Group:               5

        Local Net:              190.160.1.0/24
        Local Protocol:         all
        Local Port:             all

        Remote Net:             190.160.4.0/24
        Remote Protocol:        all
        Remote Port:            all

        Inbound Bytes:          0.0
        Outbound Bytes:         0.0

        Inbound Blocked:        no
        Outbound Blocked:       no

        Active Time (s):        6
        Lifetime (s):           1800
vyatta@WEST>
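Because this output is meant for humans, checking many tunnels by eye is error-prone. The following parser and audit routine is an added example and is not part of the Vyatta documentation or software: it reads the text of show vpn ipsec sa detail (the sample below is constructed from the output shown above), builds one record per peer and tunnel, and flags tunnels that are down, blocked, or negotiated with legacy algorithms. The function names and the lists of weak algorithms are this example's own conventions, not anything Vyatta defines.

```python
"""Parse and audit 'show vpn ipsec sa detail' output.

Added example, not Vyatta code. Field names are those printed by the
command; the parser stores them verbatim, so it keeps working if new
fields appear. Only the weak-algorithm sets below are our own choice.
"""
import re
from typing import Dict, List

# Constructed sample: the first example output shown on this page.
SAMPLE = """\
------------------------------------------------------------------
Peer IP:                190.160.3.2
Peer ID:                190.160.3.2
Local IP:               190.160.2.1
Local ID:               190.160.2.1
NAT Traversal:          no
NAT Source Port:        500
NAT Dest Port:          500

    Tunnel 1:
        State:                  up
        Inbound SPI:            c76eac7d
        Outbound SPI:           c29b9e88
        Encryption:             aes256
        Hash:                   md5
        DH Group:               5

        Local Net:              190.160.1.0/24
        Remote Net:             190.160.4.0/24

        Inbound Bytes:          0.0
        Outbound Bytes:         0.0

        Inbound Blocked:        no
        Outbound Blocked:       no

        Active Time (s):        6
        Lifetime (s):           1800
"""

SEPARATOR_RE = re.compile(r"^-{10,}$")          # starts a new peer block
TUNNEL_RE = re.compile(r"^\s*Tunnel\s+(\d+):\s*$")
# Lazy key match: the key ends at the first ':' followed by whitespace,
# so values containing colons (IPv6 addresses) are kept whole.
FIELD_RE = re.compile(r"^\s*(.+?):\s+(.+?)\s*$")

# Our own policy: MD5 integrity and MODP groups below 2048 bits are legacy.
WEAK_HASH = {"md5"}
WEAK_DH = {"1", "2", "5"}          # 768-, 1024-, 1536-bit MODP
WEAK_ENC = {"des", "3des"}


def parse_sa_detail(text: str) -> List[Dict]:
    """Return one dict per peer; each has a 'tunnels' dict keyed by number."""
    peers: List[Dict] = []
    peer = None
    tunnel = None
    for line in text.splitlines():
        if SEPARATOR_RE.match(line.strip()):
            peer = {"tunnels": {}}
            peers.append(peer)
            tunnel = None
            continue
        if peer is None or not line.strip():
            continue                      # prompt text or blank line
        m = TUNNEL_RE.match(line)
        if m:
            tunnel = {}
            peer["tunnels"][int(m.group(1))] = tunnel
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue                      # unrecognised line: skip, don't fail
        key, value = m.group(1), m.group(2)
        (tunnel if tunnel is not None else peer)[key] = value
    return peers


def audit(peers: List[Dict]) -> List[str]:
    """Return human-readable findings for tunnels that need attention."""
    findings: List[str] = []
    for p in peers:
        who = p.get("Peer IP", "?")
        for n, t in sorted(p["tunnels"].items()):
            tag = f"{who} tunnel {n}"
            if t.get("State") != "up":
                findings.append(f"{tag}: state is {t.get('State', 'unknown')}")
            if t.get("Hash", "").lower() in WEAK_HASH:
                findings.append(f"{tag}: weak integrity algorithm {t['Hash']}")
            if t.get("DH Group") in WEAK_DH:
                findings.append(f"{tag}: weak DH group {t['DH Group']}")
            if t.get("Encryption", "").lower() in WEAK_ENC:
                findings.append(f"{tag}: weak cipher {t['Encryption']}")
            for direction in ("Inbound", "Outbound"):
                if t.get(f"{direction} Blocked", "no").lower() == "yes":
                    findings.append(f"{tag}: {direction.lower()} traffic blocked")
    return findings


if __name__ == "__main__":
    # In practice feed it the real output, e.g. piped from the CLI or SSH.
    for finding in audit(parse_sa_detail(SAMPLE)):
        print(finding)
```

Run against the sample, the audit reports the MD5 integrity algorithm and DH group 5 on tunnel 1 and nothing else; feeding it the output of several peers produces one finding line per problem, which is easier to diff between runs than the raw listing.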

The following example shows the output of the show vpn ipsec sa detail peer peer command, which restricts the display to a single peer. Note that no certificate or CA fields appear in this output, so it does not by itself show whether the peer authenticated with a pre-shared key or an x509 certificate.

vyatta@WEST> show vpn ipsec sa detail peer 190.160.3.2
------------------------------------------------------------------
Peer IP:                190.160.3.2
Peer ID:                190.160.3.2
Local IP:               190.160.3.1
Local ID:               190.160.3.1
NAT Traversal:          no
NAT Source Port:        500
NAT Dest Port:          500

    Tunnel 1:
        State:                  up
        Inbound SPI:            cadcb2d6
        Outbound SPI:           c4d66a6c
        Encryption:             aes256
        Hash:                   md5
        DH Group:               5

        Local Net:              192.85.1.0/24
        Local Protocol:         all
        Local Port:             all

        Remote Net:             193.85.1.0/24
        Remote Protocol:        all
        Remote Port:            all

        Inbound Bytes:          0.0
        Outbound Bytes:         0.0

        Inbound Blocked:        no
        Outbound Blocked:       no

        Active Time (s):        121
        Lifetime (s):           1800