Monitoring Ipsec Tunnel Profiles; System Event Logs; Show Commands - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

JunosE 11.3.x IP Services Configuration Guide

Monitoring IPSec Tunnel Profiles

System Event Logs

show Commands

show ipsec tunnel profile
182
Use the no version to set the negotiation mode to main mode.
See aggressive-mode.
This section contains information about troubleshooting and monitoring dynamic IPSec
subscribers.
To troubleshoot and monitor dynamic IPSec subscribers, use the following system event
log:
ipsecIdDb—IPsec ID database
ipsecXcfgSM—IPsec Xauth/ModeCfg state machine
ipsecP1Throttler—Ongoing Phase 1 negotiations
For more information about using event logs, see the JunosE System Event Logging
Reference Guide.
To display user information for dynamic IPSec tunnel profiles or subscribers, use the
following show commands.
Use to display information about all existing IPSec tunnel profiles or a specified tunnel
profile.
Use the detail keyword to display detailed information about the tunnel profile.
Example 1
host1#show ipsec tunnel profile
IPsec tunnel profile ipsec-spg is active with no subscriber
1 IPsec tunnel profile found
Example 2
host1#show ipsec tunnel profile detail ipsec-spg
IPsec tunnel profile ipsec-spg is active with no subscriber
Extended-authentication: pap, no re-authentication
Peer IP characteristics configuration: enabled
Virtual router: default
Local IP address: 10.227.5.31
Local IKE identity: 10.227.5.31
Peer IKE identity: IP network: not allowed
Maximum subscribers: no limit
Domain suffix: @spg
IP profile: ip-spg
Local IPsec identity: subnet 0.0.0.0 0.0.0.0, proto 0, port 0
username: *
domain-name: spg.juniper.net
DN: not allowed
Copyright © 2010, Juniper Networks, Inc.