JunosE 11.3.x IP Services Configuration Guide
Monitoring IPSec
System Event Logs
show Commands
show ipsec ike-policy-rule
show ike policy-rule
erx3:vrB(config)#interface tunnel ipsec:Bboston2ottawa transport-virtual-router default
erx3:vrB(config-if)#tunnel transform-set customerBprotection
erx3:vrB(config-if)#tunnel local-identity subnet 10.3.0.0 255.255.0.0
erx3:vrB(config-if)#tunnel peer-identity subnet 10.1.0.0 255.255.0.0
erx3:vrB(config-if)#tunnel source 5.3.0.1
erx3:vrB(config-if)#tunnel destination 5.1.0.1
erx3:vrB(config-if)#ip address 10.1.0.0 255.255.0.0
erx3:vrB(config-if)#exit
Tunnel from Boston to Boca on virtual router B:
erx3:vrB(config)#interface tunnel ipsec:Bboston2boca transport-virtual-router default
erx3:vrB(config-if)#tunnel transform-set customerBprotection
erx3:vrB(config-if)#tunnel local-identity subnet 10.3.0.0 255.255.0.0
erx3:vrB(config-if)#tunnel peer-identity subnet 10.2.0.0 255.255.0.0
erx3:vrB(config-if)#tunnel source 5.3.0.1
erx3:vrB(config-if)#tunnel destination 5.2.0.1
erx3:vrB(config-if)#ip address 10.2.0.0 255.255.0.0
erx3:vrB(config-if)#exit
The configuration is complete. Customer A's traffic and customer B's traffic can flow
through the public, or untrusted, IP network inside a tunnel, where each packet is encrypted
and authenticated.
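Before relying on the tunnels, the commands above can be checked offline for completeness and for selector collisions. The following Python script is an added example, not part of the Juniper guide or JunosE: it parses the tunnel commands shown above and reports any tunnel that lacks one of the five settings, or any two tunnels whose local and peer identities both overlap. The names parse_tunnels, audit, REQUIRED and SAMPLE are hypothetical, and the script assumes identities are given in the "subnet <address> <mask>" form used on this page.

```python
import ipaddress
import re

# Constructed sample: the two virtual-router-B tunnels from the listing above, prompts stripped.
SAMPLE = """\
interface tunnel ipsec:Bboston2ottawa transport-virtual-router default
tunnel transform-set customerBprotection
tunnel local-identity subnet 10.3.0.0 255.255.0.0
tunnel peer-identity subnet 10.1.0.0 255.255.0.0
tunnel source 5.3.0.1
tunnel destination 5.1.0.1
interface tunnel ipsec:Bboston2boca transport-virtual-router default
tunnel transform-set customerBprotection
tunnel local-identity subnet 10.3.0.0 255.255.0.0
tunnel peer-identity subnet 10.2.0.0 255.255.0.0
tunnel source 5.3.0.1
tunnel destination 5.2.0.1
"""

REQUIRED = ("transform-set", "local-identity", "peer-identity", "source", "destination")

def parse_tunnels(text):
    """Return {tunnel name: {setting: value}} from JunosE-style CLI lines."""
    tunnels, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[-1].strip()   # drop a 'host:vr(config)#' prompt if present
        m = re.match(r"interface tunnel (ipsec:\S+)", line)
        if m:
            current = tunnels.setdefault(m.group(1), {})
        elif line == "exit":
            current = None                       # left the interface context
        elif current is not None and line.startswith("tunnel "):
            _, key, *rest = line.split()
            if rest[:1] == ["subnet"]:           # identity given as address + mask
                rest = [str(ipaddress.ip_network("/".join(rest[1:3])))]
            current[key] = " ".join(rest)
    return tunnels

def audit(tunnels):
    """List missing settings and tunnel pairs whose identities overlap (subnet form assumed)."""
    findings = [f"{n}: missing {k}" for n, t in tunnels.items() for k in REQUIRED if k not in t]
    sel = [(n, ipaddress.ip_network(t["local-identity"]), ipaddress.ip_network(t["peer-identity"]))
           for n, t in tunnels.items() if {"local-identity", "peer-identity"} <= t.keys()]
    for i, (a, la, pa) in enumerate(sel):
        for b, lb, pb in sel[i + 1:]:
            if la.overlaps(lb) and pa.overlaps(pb):   # same traffic could match both tunnels
                findings.append(f"{a} and {b}: overlapping local/peer identities")
    return findings
```

An empty list from audit(parse_tunnels(SAMPLE)) means every tunnel carries all five settings and no two tunnels select the same traffic.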
This section contains information about troubleshooting and monitoring IPSec.
To troubleshoot and monitor IPSec, use the following system event logs:
auditIpsec—Lower layers of IKE SA negotiations
ikepki—Upper layers of IKE SA negotiations
stTunnel—Secure tunnel interface
For more information about using event logs, see the JunosE System Event Logging
Reference Guide.
To view your IPSec configuration and to monitor IPSec tunnels and statistics, use the
following show commands.
NOTE: The show ipsec ike-policy-rule command replaces the show ipsec
isakmp-policy-rule command, which may be removed completely in a future
release.
Copyright © 2010, Juniper Networks, Inc.