show ipsec ike-sa
show ike sa
NOTE:
The
show ipsec ike-sa
command replaces the
show ike sa
command, which
may be removed completely in a future release.
■
Use to display IKE phase 1 SAs running on the router.
■
When NAT-T is enabled on both the client PC and the E Series router, and the
router has negotiated NAT-T as part of the IKE SA, the local UDP port number
displayed in the Local:Port column is typically 4500. When NAT-T is disabled or
not supported on one or both sides of the IKE SA negotiation, the local UDP port
number is 500. (See the example under Field Descriptions for more information.)
■
Field descriptions
■
Local:Port—Local IP address and UDP port number of phase 1 negotiation
■
Remote:Port—Remote IP address and UDP port number of phase 1
negotiation
■
Time(Sec)—Time remaining in phase 1 lifetime, in seconds
■
State—Current state of the phase 1 negotiation. Corresponds to the messaging
state in the main mode and aggressive mode negotiations. Possible states
are:
■
AM_SA_I—Initiator has sent initial aggressive mode SA payload and key
exchange to the responder
■
AM_SA_R—Responder has sent aggressive mode SA payload and key
exchange to the initiator
■
AM_FINAL_I—Initiator has finished aggressive mode negotiation
■
AM_DONE_R—Responder has finished aggressive mode negotiation
■
MM_SA_I—Initiator has sent initial main mode SA payload to the
responder
■
MM_SA_R—Responder has sent a response to the initial main mode SA
■
MM_KE_I—Initiator has sent initial main mode key exchange to the
responder
■
MM_KE_R—Responder has sent a response to the key exchange
■
MM_FINAL_I—Initiator has sent the final packet in the main mode
negotiation
■
MM_FINAL_R—Responder has finished main mode negotiation
■
MM_DONE_I—Initiator has finished main mode negotiation
■
DONE—Phase 1 SA negotiation is complete, as evidenced by receipt of
some phase 2 messages
308
■
Monitoring DVMRP/IPSec, GRE/IPSec, and L2TP/IPSec Tunnels
JUNOSe 11.1.x IP Services Configuration Guide
Summary of Contents for IP SERVICES - CONFIGURATION GUIDE V 11.1.X
Page 6: ...vi...
Page 8: ...viii JUNOSe 11 1 x IP Services Configuration Guide...
Page 18: ...xviii Table of Contents JUNOSe 11 1 x IP Services Configuration Guide...
Page 20: ...xx List of Figures JUNOSe 11 1 x IP Services Configuration Guide...
Page 22: ...xxii List of Tables JUNOSe 11 1 x IP Services Configuration Guide...
Page 28: ...2 Chapters JUNOSe 11 1 x IP Services Configuration Guide...
Page 138: ...112 Monitoring J Flow Statistics JUNOSe 11 1 x IP Services Configuration Guide...
Page 286: ...260 Monitoring IP Tunnels JUNOSe 11 1 x IP Services Configuration Guide...
Page 312: ...286 Monitoring IP Reassembly JUNOSe 11 1 x IP Services Configuration Guide...
Page 357: ...Part 2 Index Index on page 333 Index 331...
Page 358: ...332 Index JUNOSe 11 1 x IP Services Configuration Guide...