NSX CLI

get ipsecvpn session active

Gives a list of all IPsec tunnels active in the edge nodes

Command example output

IKE Session ID : 8211
UUID : 7f42fddb-fa0d-42ce-920a-4171a72a27ca
SR ID : 3353e3a8-3597-494f-80e9-544365ec200e
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE

Local IP : 185.xx.xx.37 Peer IP : 176.xx.xx.99
Local ID : 185.xx.xx.37 Peer ID : 176.xx.xx.99
Session Status : Up

Policy Rules
Policy UUID : 00003400-2000-1d2c-2000-1d3100000000
ToRule ID : 536878385 FromRule ID : 2684362033
Local Subnet : 192.168.16.0/24 Peer Subnet : 192.168.203.0/24
Tunnel Status : Up

get ipsecvpn session summary

Gives you a summary for all IPsec tunnels in the edge nodes – good for an overview of all with a down status

Command example output

Wed Jun 07 2023 UTC 12:05:58.768
Version  SID  Compliance Suite Type    Auth  Status        Local IP         Peer IP          Down Reason
----------------------------------------------------------------------------------------------------------------------------
IKEv2    8196 NONE             Policy  PSK   Up            185.xx.xx.16   87.xx.xx.170
IKEv1    0    NONE             Policy  PSK   Down          185.xx.xx.184     212.xx.xx.136  SR state is not Active
IKEv1    8202 NONE             Policy  PSK   Up            185.xx.xx.49      152.xx.xx.18
IKEv2    0    NONE             Policy  PSK   Down          185.xx.xx.5    87.xx.xx.56     Session disabled
IKEv1    0    NONE             Policy  PSK   Down          185.xx.xx.13   46.xx.xx.21      SR state is not Active

get ipsecvpn session sessionid <session-id SID>

Gives more detailed information, such as session id, IPSec version, Authentication, local IP and remote IP.

Command example output

    Wed Jun 07 2023 UTC 12:47:56.059
    Total Number of IKE SAs: 1

    IKE Version              : IKEv2
    IKE Status               : Up
    IKE Session ID           : 8196
    Session Name             : Tunnel-50070020-c1134981-bd2075e9-a2315fce
    Session Type             : Policy Based

    IKE SPI Initiator        : 0x943e7e1ae27fb8ea
    IKE SPI Responder        : 0x2248cf04abbd01e5
    Role                     : Responder

    Number of Child SA Pairs : 1
    Created Timestamp        : 2023-06-07 12:12:32
    IKE SA Uptime            : 2124 sec
    IKE SA Lifetime          : 28800 sec
    DPD Probe Interval       : 60 sec

    IP Address:
      Local                  : 185.xx.xx.16
      Remote                 : 87.xx.xx.170

    Identity:
      Local                  : 185.xx.xx.16 (ipv4)
      Remote                 : 87.xx.xx.170 (ipv4)

    Algorithm:
      Encryption             : aes256-cbc
      Authentication         : hmac-sha256-128
      PRF                    : hmac-sha256
    DH Group                 : 14

    Authentication Method    : Pre-shared key

    VMW Feature Capabilities:
      Local                  : VMW_VENDOR_ID
      Remote                 :
    ----------------------------------------

Command example output

Wed Jun 07 2023 UTC 12:44:18.522
Total Number of Sessions: 1

IKE Session ID   : 8196
UUID             : 50070020-c113-4981-bd20-75e9a2315fce
SR ID            : 2e54286c-b409-45f0-bfb9-2a19a290d9ad
Type             : Policy
Auth Mode        : PSK
Compliance Suite : NONE

Local IP         : 185.xx.xx.16     Peer IP          : 87.xx.xx.170
Local ID         : 185.xx.xx.16     Peer ID          : 87.xx.xx.170
Session Status   : Up

Policy Rules
    Policy UUID      : 00003400-2000-0c6f-2000-1c4f00000000
    ToRule ID        : 536878159          FromRule ID      : 2684361807
    Local Subnet     : 10.44.44.0/24      Peer Subnet      : 192.168.1.0/24
    Tunnel Status    : Up

Was this article helpful?

YesNo