vpn tu list

Description

Shows IPsec SAs and IKE SAs.

Syntax for IPv4 and IPv6

vpn tu [-w] list

ike

ipsec

peer_ike <IP Address>

peer_ipsec <IP Address>

probes [{-e | -m | -s}]

tunnels

Parameters

Parameter

Description

-w

Shows various warnings on the screen.

ike

Shows all IKE SAs.

Note - This command is the same as:

In the main vpn tu menu, the option (1) List all IKE SAs.
In the vpn shell menu, the option show > tunnels > IKE > all or the option tunnels > show > IKE > all.

ipsec

Shows all IPsec SAs.

Note - This command is the same as:

In the main vpn tu menu, the option (2) List all IPsec SAs.
In the vpn shell menu, the option show > tunnels > IPsec > all or the option tunnels > show > IPsec > all.

peer_ike <IP Address>

Shows all IKE SAs for the specified VPN peer.

Note - This command is the same as:

In the main vpn tu menu, the option (3) List all IKE SAs for a given peer (GW).
In the vpn shell menu, the option show > tunnels > IKE > peer <Internal Peer IP> or the option tunnels > show > IKE > peer <Internal Peer IP>.

peer_ipsec <IP Address>

Shows all IPsec SAs for the specified VPN peer.

Note - This command is the same as:

In the main vpn tu menu, the option (4) List all IPsec SAs for a given peer (GW).
In the vpn shell menu, the option show > tunnels > IPsec > peer <Internal Peer IP> or the option tunnels > show > IPsec > peer <Internal Peer IP>.

probes [{-e | -m | -s}]

Shows information about VPN Network Probes.

Optional parameters:

-e

Filters the output by the encryption state (encrypted, non-encrypted, waiting)
-m

Filters the output by the probing mode (direct-icmp, spoofed-icmp, http)
-s

Filters the output by the probe status (up, down, unknown)

In addition, see the probemon command.

tunnels

Shows information about VPN tunnels.

In addition, see the vpn tu tlist command.

Example of vpn tu list probes

[Expert@GW:0]# vpn tu list probes
+---------------------------------++---------------------------------------+-------------------------------+
| Probe Name: R82                 || Peer: 10.20.1.182 - 3980_Cluster      | MSA:   7ff1402ad8b6           |
| Probe ID: 6c99e61a              || Methods: ESP Tunnel AES-GCM-128       |                               |
| Mode: Direct ICMP               || Local TS: 10.20.5.188/31              | In Stat:   19.76 MB, 0.00 Bps |
| Source:      10.20.5.188        || Remote TS: 30.2.2.8/29                | Out Stat:  20.42 MB, 0.00 Bps |
| Destination: 30.2.2.10        || MSPI: 2000004 (i: 4, p: e, d: 0)      | Out SPI: b6e5c800             |
| Status: Up                      || Tunnel created:    Mar 20 12:05:4     | IPsec                         |
| Last Changed: Mar 20 10:09:54   || Tunnel expiration: Mar 20 12:35:42    | Connected                     |
+---------------------------------++---------------------------------------+-------------------------------+

Probe statistics:
	----------------------------------
	Probes up:                  1
	Probes down:                0
	Probes with unknown status: 0
	----------------------------------
	Direct ICMP probes:         1
	Spoofed ICMP probes:        0
	HTTP(s) probes:             0
	----------------------------------
	Encrypted probes:           1
	Non-encrypted probes:       0
	Waiting for state probes:   0
	----------------------------------
	Total probes:               1