You can click on the Tunnel info to get the details of the Phase2 SA. Gateway Name TnID Tunnel ID Parent Role SPI(in) SPI(out) MsgID ST Gateway ID Peer-Address Gateway Name Role SN Algorithm Established Expiration Xt Child STģ8 203.0.113.100 ike-gw Resp 2 PSK/DH20/A256/SHA512 Dec.04 00:10:58 Dec.04 08:10:58 0 1 Established If phase-1 SA is down you would not see the peer IP and the Established status.įor ikev2, the IKE Info details appear the same, when you click on IKE Info
Show IKEv1 phase2 SA: Total 1 gateways found. Gateway Name TnID Tunnel GwID/IP Role Algorithm SPI(in) SPI(out) MsgID ST Xt Show IKEv1 IKE SA: Total 1 gateways found. GwID/client IP Peer-Address Gateway Name Role Mode Algorithm Established Expiration V ST Xt Phase2ģ8 203.0.113.100 ike-gw Init Main PSK/DH20/A256/SHA512 Dec.03 22:37:01 Dec.04 06:37:01 v1 13 1 1 If ike phase1 sa is down, the ike info would be empty.
You can click on the IKE info to get the details of the Phase1 SA. Check ike phase1 status (in case of ikev1) Note: Manual initiation is possible only from the CLI.Ģ. In case you want to manually initiate the tunnel, without the actual traffic you could use the below commands. The VPN tunnel is negotiated only when there is interesting traffic destined to the tunnel.(On-demand) Initiate VPN ike phase1 and phase2 SA manually.
This document can be used to verify the status of an IPSEC tunnel, validate tunnel monitoring, clear the tunnel, and restore the tunnel.ġ.
0 kommentar(er)
