Sa Monitor Commands; Ipv4 Ikev2 Sa Commands - ZyXEL Communications ZYWALL USG Series Reference Manual
Security firewalls
Hide thumbs
Also See for ZYWALL USG Series:
- Application notes (187 pages) ,
- Application note (184 pages) ,
- User manual (150 pages)
Table of Contents
Advertisement
28.2.6 SA Monitor Commands
This table lists the commands for the SA monitor.
Table 106 sa Commands: SA Monitor
COMMAND
show sa monitor [{begin
<1..1000>} | {end <1..1000>} |
{crypto-map regexp} | {policy
regexp} |{rsort sort_order} |
{sort sort_order}]
show isakmp sa
no sa spi spi
no sa tunnel-name map_name
show vpn-counters
28.2.7 IPv4 IKEv2 SA Commands
This table lists the commands for the IPv4 IKEv2 SA.
Table 107 sa Commands: IPv4 IKEv2
COMMAND
show ikev2 policy [policy_name] Shows the specified IKEv2 SA or all IKEv2 SAs.
[no] ikev2 policy policy_name
activate
deactivate
authentication {pre-share
| rsa-sig}
certificate certificate-
name
ZyWALL / USG (ZLD) CLI Reference Guide
DESCRIPTION
Displays the current IPSec SAs and the status of each one. You can specify a range of
SA entries to display. You can also control the sort order of the display and search by
VPN connection or (local or remote) policy.
regexp: A keyword or regular expression. Use up to 30 alphanumeric and _+-
.()!$*^:?|{}[]<>/ characters.
A question mark (?) lets a single character in the VPN connection or policy name
vary. For example, use "a?c" (without the quotation marks) to specify abc, acc and
so on.
Wildcards (*) let multiple VPN connection or policy names match the pattern. For
example, use "*abc" (without the quotation marks) to specify any VPN connection or
policy name that ends with "abc". A VPN connection named "testabc" would match.
There could be any number (of any type) of characters in front of the "abc" at the
end and the VPN connection or policy name would still match. A VPN connection or
policy name named "testacc" for example would not match.
A * in the middle of a VPN connection or policy name has the ZyWALL / USG check
the beginning and end and ignore the middle. For example, with "abc*123", any VPN
connection or policy name starting with "abc" and ending in "123" matches, no
matter how many characters are in between.
The whole VPN connection or policy name has to match if you do not use a question
mark or asterisk.
See
Table 100 on page 186
Displays current IKE SA and the status of each one.
Deletes the SA specified by the SPI.
spi: 2-8 hexadecimal (0-9, A-F) characters
Deletes the specified IPSec SA.
Displays VPN traffic statistics.
DESCRIPTION
Creates the specified IKEv2 SA if necessary and enters sub-command mode. The no
command deletes the specified IKEv2 SA.
Activates or deactivates the specified IKEv2 SA.
Specifies whether to use a pre-shared key or a certificate for authentication
Sets the certificate that can be used for authentication.
for other parameter description.
Chapter 28 IPSec VPN
193
Hide quick links:
Advertisement
Table of Contents
