Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual page 196

JUNOSe 11.1.x IP Services Configuration Guide
show ipsec ike-sa
show ike sa
NOTE: The show ipsec ike-sa command replaces the show ike sa command, which
may be removed completely in a future release.
170
Monitoring IPSec
hash algorithm
authentication method:Pre Shared Keys
Diffie-Hellman group :2 (1024 bit)
lifetime
aggressive mode
See show ipsec ike-policy-rule.
See show ike policy-rule.
Use to display IKE phase 1 SAs running on the router.
Field descriptions
Local:Port Local IP address and UDP port number of phase 1 negotiation
Remote:Port Remote IP address and UDP port number of phase 1
negotiation
Time(Sec) Time remaining in phase 1 lifetime, in seconds
State Current state of the phase 1 negotiation. Corresponds to the messaging
state in the main mode and aggressive mode negotiations. Possible states
are:
AM_SA_I Initiator has sent initial aggressive mode SA payload and key
exchange to the responder
AM_SA_R Responder has sent aggressive mode SA payload and key
exchange to the initiator
AM_FINAL_I Initiator has finished aggressive mode negotiation
AM_DONE_R Responder has finished aggressive mode negotiation
MM_SA_I Initiator has sent initial main mode SA payload to the
responder
MM_SA_R Responder has sent a response to the initial main mode SA
MM_KE_I Initiator has sent initial main mode key exchange to the
responder
MM_KE_R Responder has sent a response to the key exchange
MM_FINAL_I Initiator has sent the final packet in the main mode
negotiation
MM_FINAL_R Responder has finished main mode negotiation
:SHA Secure Hash Standard
:28800 seconds
:Not Allowed