Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual page 187

show ipsec ike-sa
show ike sa
Copyright © 2010, Juniper Networks, Inc.
Use to display the configuration of IKE phase 1 policy rules.
Field descriptions
Protection suite priority—Priority number assigned to the policy rule
encryption algorithm—Encryption algorithm used in the IKE policy: des, 3des
hash algorithm—Hash algorithm used in the IKE policy: SHA, MD5
authentication method—Authentication method used in the IKE policy: RSA signature,
preshared keys
Diffie-Hellman group—Size of the Diffie-Hellman group: 768-bit, 1024-bit, 1536-bit
lifetime—Lifetime of SAs created with this policy: 60 to 86400 seconds
aggressive mode—Allowed or not allowed
Example
host1#show ipsec ike-policy-rule
IKE Policy Rules:
Protection suite priority: 5
encryption algorithm :3DES Triple Data Encryption Standard(168 bit
keys)
hash algorithm
authentication method:RSA Signatures
Diffie-Hellman group :5 (1536 bit)
lifetime
aggressive mode
Protection suite priority: 6
encryption algorithm :3DES Triple Data Encryption Standard(168 bit
keys)
hash algorithm
authentication method:Pre Shared Keys
Diffie-Hellman group :2 (1024 bit)
lifetime
aggressive mode
See show ipsec ike-policy-rule.
See show ike policy-rule.
NOTE: The show ipsec ike-sa command replaces the show ike sa command,
which may be removed completely in a future release.
Use to display IKE phase 1 SAs running on the router.
Field descriptions
:SHA Secure Hash Standard
:7200 seconds
:Not Allowed
:SHA Secure Hash Standard
:28800 seconds
:Not Allowed
Chapter 5: Configuring IPSec
161