get ipsecvpn session active
Lists all IPsec tunnels that are currently active on the edge nodes.
Command example output
IKE Session ID : 8211
UUID : 7f42fddb-fa0d-42ce-920a-4171a72a27ca
SR ID : 3353e3a8-3597-494f-80e9-544365ec200e
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 185.xx.xx.37 Peer IP : 176.xx.xx.99
Local ID : 185.xx.xx.37 Peer ID : 176.xx.xx.99
Session Status : Up
Policy Rules
Policy UUID : 00003400-2000-1d2c-2000-1d3100000000
ToRule ID : 536878385 FromRule ID : 2684362033
Local Subnet : 192.168.16.0/24 Peer Subnet : 192.168.203.0/24
Tunnel Status : Up
get ipsecvpn session summary
Gives a one-line summary of every IPsec tunnel on the edge nodes. Good for spotting all tunnels with a Down status, together with the reason they are down.
Command example output
Wed Jun 07 2023 UTC 12:05:58.768
Version  SID   Compliance Suite  Type    Auth  Status  Local IP       Peer IP        Down Reason
----------------------------------------------------------------------------------------------------------------------------
IKEv2    8196  NONE              Policy  PSK   Up      185.xx.xx.16   87.xx.xx.170
IKEv1    0     NONE              Policy  PSK   Down    185.xx.xx.184  212.xx.xx.136  SR state is not Active
IKEv1    8202  NONE              Policy  PSK   Up      185.xx.xx.49   152.xx.xx.18
IKEv2    0     NONE              Policy  PSK   Down    185.xx.xx.5    87.xx.xx.56    Session disabled
IKEv1    0     NONE              Policy  PSK   Down    185.xx.xx.13   46.xx.xx.21    SR state is not Active
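When the summary covers many tunnels, the output can be saved and triaged with a small script. The following is an added example, not part of the original page or of NSX: it parses the summary rows shown above, groups the Down tunnels by reason and lists the tunnels configured for the deprecated IKEv1. The function names and the assumption that every column except Down Reason is a single token are mine.

```python
import re
from collections import defaultdict

# Constructed sample: the summary rows from this page (addresses stay redacted).
SAMPLE = """\
Wed Jun 07 2023 UTC 12:05:58.768
Version SID Compliance Suite Type Auth Status Local IP Peer IP Down Reason
--------------------------------------------------------------------------
IKEv2 8196 NONE Policy PSK Up 185.xx.xx.16 87.xx.xx.170
IKEv1 0 NONE Policy PSK Down 185.xx.xx.184 212.xx.xx.136 SR state is not Active
IKEv1 8202 NONE Policy PSK Up 185.xx.xx.49 152.xx.xx.18
IKEv2 0 NONE Policy PSK Down 185.xx.xx.5 87.xx.xx.56 Session disabled
IKEv1 0 NONE Policy PSK Down 185.xx.xx.13 46.xx.xx.21 SR state is not Active
"""

# Assumption: every column except the trailing "Down Reason" is a single token.
ROW = re.compile(
    r"^(?P<version>IKEv[12])\s+(?P<sid>\d+)\s+(?P<suite>\S+)\s+(?P<type>\S+)\s+"
    r"(?P<auth>\S+)\s+(?P<status>Up|Down)\s+(?P<local>\S+)\s+(?P<peer>\S+)"
    r"(?:\s+(?P<reason>.+))?$"
)

def parse_summary(text):
    """Return one dict per tunnel row; header, rule and timestamp lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["sid"] = int(row["sid"])
            row["reason"] = row["reason"] or ""
            rows.append(row)
    return rows

def triage(rows):
    """Group down tunnels by reason and list tunnels configured for IKEv1."""
    down = defaultdict(list)
    for r in rows:
        if r["status"] == "Down":
            down[r["reason"] or "(no reason reported)"].append((r["local"], r["peer"]))
    ikev1 = [(r["local"], r["peer"], r["status"]) for r in rows if r["version"] == "IKEv1"]
    return dict(down), ikev1

if __name__ == "__main__":
    down, ikev1 = triage(parse_summary(SAMPLE))
    for reason, peers in down.items():
        print(f"DOWN ({reason}): {peers}")
    print("IKEv1 tunnels to plan migration for:", ikev1)
```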
get ipsecvpn session sessionid <session-id SID>
Gives more detailed information about a single session, such as the session ID, IKE version, authentication method, local IP and remote IP. The session ID is the SID shown in the summary output.
Command example output
Wed Jun 07 2023 UTC 12:47:56.059
Total Number of IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 8196
Session Name : Tunnel-50070020-c1134981-bd2075e9-a2315fce
Session Type : Policy Based
IKE SPI Initiator : 0x943e7e1ae27fb8ea
IKE SPI Responder : 0x2248cf04abbd01e5
Role : Responder
Number of Child SA Pairs : 1
Created Timestamp : 2023-06-07 12:12:32
IKE SA Uptime : 2124 sec
IKE SA Lifetime : 28800 sec
DPD Probe Interval : 60 sec
IP Address:
Local : 185.xx.xx.16
Remote : 87.xx.xx.170
Identity:
Local : 185.xx.xx.16 (ipv4)
Remote : 87.xx.xx.170 (ipv4)
Algorithm:
Encryption : aes256-cbc
Authentication : hmac-sha256-128
PRF : hmac-sha256
DH Group : 14
Authentication Method : Pre-shared key
VMW Feature Capabilities:
Local : VMW_VENDOR_ID
Remote :
----------------------------------------
get ipsecvpn ikesa sessionid 8196
Retrieves the IKE security associations for a session in detail, including the Security Parameter Index (SPI) of the initiator and the responder.
Command example output
Wed Jun 07 2023 UTC 12:47:56.059
Total Number of IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 8196
Session Name : Tunnel-50070020-c1134981-bd2075e9-a2315fce
Session Type : Policy Based
IKE SPI Initiator : 0x943e7e1ae27fb8ea
IKE SPI Responder : 0x2248cf04abbd01e5
Role : Responder
Number of Child SA Pairs : 1
Created Timestamp : 2023-06-07 12:12:32
IKE SA Uptime : 2124 sec
IKE SA Lifetime : 28800 sec
DPD Probe Interval : 60 sec
IP Address:
Local : 185.xx.xx.16
Remote : 87.xx.1x.170
Identity:
Local : 185.x.x.16 (ipv4)
Remote : 87.x.x.170 (ipv4)
Algorithm:
Encryption : aes256-cbc
Authentication : hmac-sha256-128
PRF : hmac-sha256
DH Group : 14
Authentication Method : Pre-shared key
VMW Feature Capabilities:
Local : VMW_VENDOR_ID
Remote :
----------------------------------------
get ipsecvpn sad session <Policy UUID>
Retrieves the IPsec SAs (Encapsulating Security Payload, ESP) for an IPsec policy UUID, outbound and inbound. The UUID is found in the output of get ipsecvpn session sessionid <sessionid>.
Command example output
Wed Jun 07 2023 UTC 12:53:22.316
Total Number of IPSec SAs: 2
Outbound SAs:
Rule ID : 536878159
Policy UUID : 00003400-2000-0c6f-2000-1c4f00000000
VRF ID : 45
SPI : 0xb71a06ad
Created Timestamp : 2023-06-07 12:12:31
SA Uptime : 2451 sec
SA Lifetime : 3600 sec
NAT-Traversal : False
ESN : False
DF Policy : clear
SA Hit : 0
Sequence Number (Sent) : 0
Anti-Replay Window Size : 960
TCP MSS Value : 0
Traffic Mode : Tunnel
Protocol : ESP
IP Address:
Source : 185.xx.xx.16
Destination : 87.xx.xx.170
Subnets:
Source : 10.44.44.0/24
Destination : 192.168.1.0/24
Algorithm:
Encryption : aes-256-cbc
Authentication : sha256-hmac
Multi-Path : Disabled
----------------------------------------
Inbound SAs:
Rule ID : 2684361807
Policy UUID : 00003400-2000-0c6f-2000-1c4f00000000
VRF ID : 45
SPI : 0xca8d1d00
Created Timestamp : 2023-06-07 12:12:31
SA Uptime : 2451 sec
SA Lifetime : 3600 sec
NAT-Traversal : False
ESN : False
DF Policy : clear
SA Hit : 1
Sequence Number (Recv) : 2446
Anti-Replay Window Size : 960
TCP MSS Value : 0
Traffic Mode : Tunnel
Protocol : ESP
IP Address:
Source : 87.xx.xx.170
Destination : 185.xx.xx.16
Subnets:
Source : 192.168.1.0/24
Destination : 10.44.44.0/24
Algorithm:
Encryption : aes-256-cbc
Authentication : sha256-hmac
Multi-Path : Disabled
----------------------------------------
get ipsecvpn ipsecsa session-id <session-id>
Retrieves the IPsec security associations for a session, one entry per SA pair.
Command example output
Wed Jun 07 2023 UTC 12:56:22.485
Total Number of IPSec SA Pairs: 1
Session ID : 8196
Created Timestamp : 2023-06-07 12:12:31
Local TS : ipv4(10.44.44.0-10.44.44.255)
Remote TS : ipv4(192.168.1.0-192.168.1.255)
SPI In : 0xca8d1d00 SPI Out : 0xb71a06ad
Rule ID In : 536878159 Rule ID Out : 2684361807
SA Uptime : 2631 sec SA Lifetime : 3600 sec
Local Endpoint : 185.xx.xx.16 Remote Endpoint: 87.xx.xx.170
Algorithm: aes256-cbc/hmac-sha256-128
NAT-T: False, ESN: False, DF-Policy: Clear
Anti-Replay Window Size: 960, Role: Responder
----------------------------------------