IP security configuration such as security policy database and IKE SA information.
> show status addressContext <addressContext_name> ipsec
    ikeSaStatistics
    ikeSaStatus
    ipsecSaStatistics
    ipsecSaStatus
    systemStatistics
Command Parameters

IPsec Parameters

Parameter – Description

ipsec – IP security configuration such as security policy database and IKE SA information.

ikeSaStatistics <sai> – This object displays IKE SA statistics. The fields displayed include:
  <sa index> – The unique SAI (Security Association Index).
  ikeVersion – The IKE version of this IPsec configuration.
  ipsecSaNegotiationsFailed – Number of IPsec SA negotiations that failed on this IKE SA.
  ipsecSaNegotiationsSucceeded – Number of IPsec SAs negotiated using this IKE SA.
  localIpAddr – Displays local IP address.
  peerIpAddr – Displays peer IP address.

ikeSaStatus <sai> – This object displays IKE SA status details. The fields displayed include:
  <sa index> – The unique SAI (Security Association Index).
  dhGroup – DH group supported in the IKE exchange.
  encType – Encryption cipher type for this SA.
  ikeVersion – The IKE version of this IPsec configuration.
  integrityType – Integrity cipher type for this SA.
  localId – Local identity type (fqdn/ipV4Addr/ipV6Addr).
  localIpAddr – Displays local IP address.
  peerId – Remote identity type (fqdn/ipV4Addr/ipV6Addr).
  peerIpAddr – Displays remote IP address.
  secondsRemaining – Number of seconds remaining for this SA.

ipsecSaStatistics <spi> – This object displays IPsec SA statistics details. The fields displayed include:
  inBytesCount – Number of ESP bytes received.
  inPacketDiscardAntiReplay – Number of packets discarded due to anti-replay.
  inPacketDiscardFailedIntegrity – Number of packets discarded due to integrity check failure.
  inPacketsCount – Number of ESP packets received.
  localIpAddr – Local IP address.
  outBytesCount – Number of ESP bytes sent.
  outPacketsCount – Number of ESP packets sent.
  peerIpAddr – Remote IP address.
  remoteSpi – Remote Security Policy Index (SPI).

ipsecSaStatus <local spi> – IPsec SA status. The fields displayed include:
  bytesRemaining – Number of bytes remaining if used for SA lifetime.
  encType – Encryption type (aes).
  ikeSaIndex – Unique internally-assigned ID.
  ikeVersion – The IKE version of this IPsec configuration.
  integrityType – Integrity type (sha1/md5).
  localSelector – Local SA traffic selector.
  localSPI – Local Security Policy Index (SPI) name.
  localTerminationAddr – IP address of the local termination point.
  remoteSelector – Remote SA traffic selector.
  remoteSPI – Remote SPI name.
  remoteTerminationAddr – IP address of the remote termination point.
  secondsRemaining – Number of seconds remaining in SA lifetime.
  selectorName – Name of the Security Policy Database (SPD) used for this SA.
  upperLayerProtocol – Upper layer protocol of the SA.

peer – IPsec remote key management protocol details for the peer. The fields displayed include:
  name
  ipAddress
  protocol
  type
  ipAddress
  domainName
  ipAddressVar
  type
  ipAddress
  domainName
  preSharedKey
  protectionProfile
  NOTE: This command applies to the 'show table' command only.

spd – IPsec security policy configuration. The fields displayed include:
  name
  state
  precedence
  localIpAddr
  localIpPrefixLen
  localPort
  remoteIpAddr
  remoteIpPrefixLen
  remotePort
  protocol
  action
  mode
  protectionProfile
  peer
  localIpAddrVar
  NOTE: This command applies to the 'show table' command only.

systemStatistics <sys name> – IPsec system statistics.
  NOTE: The value of inPacketDiscardInvalidSpi will always be 0 on the as it does not store this statistic internally.
  ikeSaNegotiationsFailed – Number of phase-1 (Main Mode) Security Association negotiation failures.
  ikeSaNegotiationsSucceeded – Number of phase-1 (Main Mode) Security Association negotiations resulting in a phase-1 SA being established.
  inPacketDiscardDiscarded – Number of incoming Internet Security Association and Key Management Protocol (ISAKMP) packets discarded as a result of matching a discard SPD rule.
  inPacketDiscardInvalidSpi – Number of incoming ESP packets discarded due to their SPI not matching an existing phase-2 SA.
  inPacketDiscardNoState – Number of incoming ISAKMP packets discarded as a result of matching a discard no state rule.
  inPacketDiscardProtected – Number of incoming ISAKMP packets discarded as a result of matching a protect SPD rule.
  inPacketDiscardSAExpired – Number of incoming ESP packets discarded since they arrived on a phase-2 SA that has expired.
  inPacketDiscardSelectorMismatch – Number of incoming ESP packets discarded due to selector mismatch.
  ipsecSaNegotiationsFailed – Number of phase-2 (Quick Mode) Security Association negotiation failures.
  ipsecSaNegotiationsSucceeded – Number of successful phase-2 (Quick Mode) Security Association negotiations.
  outPacketDiscardDiscarded – Number of outgoing ISAKMP packets discarded as a result of matching a discard SPD rule.
  outPacketDiscardProtected – Number of outgoing ISAKMP packets discarded as a result of matching a protect SPD rule.
  outPacketDiscardSAExpired – Number of outgoing ESP packets discarded since they are for a phase-2 SA that has expired.
  outPacketDiscardSSNWrap – Number of outgoing ESP packets discarded due to wrapping around of the sequence number.
The following objects only apply when using the 'show table addressContext' command:
peer, spd
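
The following is an added example, not taken from this page or from the product vendor. It shows how a monitoring job could compare two polls of the ipsecSaStatistics and systemStatistics counters described above and report the increases that matter. It assumes the CLI output has already been parsed into dictionaries keyed by the field names on this page; the function names, the 0.2 failure-ratio threshold and all sample values are constructed for illustration.

```python
# Added example, not vendor code. Inputs are dicts already parsed from two
# polls of the CLI; the parsing step and every sample value are constructed.

# ipsecSaStatistics counters: replayed/reordered or tampered/corrupt ESP.
SA_ALERT = ("inPacketDiscardAntiReplay", "inPacketDiscardFailedIntegrity")
# systemStatistics counters. inPacketDiscardInvalidSpi is left out on purpose:
# the page notes it always reads 0, so it cannot signal anything.
SYS_ALERT = ("inPacketDiscardSAExpired", "inPacketDiscardSelectorMismatch",
             "outPacketDiscardSSNWrap")

def delta(prev, curr, name):
    """Counter increase between polls; a lower value is treated as a reset."""
    before, after = int(prev.get(name, 0)), int(curr.get(name, 0))
    return after if after < before else after - before

def review_sa(spi, prev, curr):
    """Findings for one ipsecSaStatistics <spi> entry."""
    return [f"SA {spi} peer {curr.get('peerIpAddr')}: {n} +{delta(prev, curr, n)}"
            for n in SA_ALERT if delta(prev, curr, n) > 0]

def review_system(prev, curr, max_fail_ratio=0.2):
    """Findings for systemStatistics: discards plus negotiation failure rate."""
    out = [f"system: {n} +{delta(prev, curr, n)}"
           for n in SYS_ALERT if delta(prev, curr, n) > 0]
    for phase in ("ikeSa", "ipsecSa"):  # phase-1 and phase-2 counters
        failed = delta(prev, curr, f"{phase}NegotiationsFailed")
        ok = delta(prev, curr, f"{phase}NegotiationsSucceeded")
        if failed and failed / (failed + ok) > max_fail_ratio:
            out.append(f"system: {phase} negotiations failed {failed}/{failed + ok}")
    return out

# Constructed sample polls (documentation address range, made-up counts).
PREV_SA = {"peerIpAddr": "192.0.2.10", "inPacketDiscardAntiReplay": 0,
           "inPacketDiscardFailedIntegrity": 2}
CURR_SA = {"peerIpAddr": "192.0.2.10", "inPacketDiscardAntiReplay": 37,
           "inPacketDiscardFailedIntegrity": 2}
PREV_SYS = {"ikeSaNegotiationsFailed": 1, "ikeSaNegotiationsSucceeded": 10,
            "inPacketDiscardSelectorMismatch": 0, "inPacketDiscardInvalidSpi": 0}
CURR_SYS = {"ikeSaNegotiationsFailed": 9, "ikeSaNegotiationsSucceeded": 12,
            "inPacketDiscardSelectorMismatch": 4, "inPacketDiscardInvalidSpi": 0}

if __name__ == "__main__":
    for line in review_sa("0x1a2b", PREV_SA, CURR_SA) + review_system(PREV_SYS, CURR_SYS):
        print(line)
```

Because the counters are cumulative, alerting on the change between polls rather than on the absolute value keeps a long-lived SA from raising the same finding on every poll.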