Juniper SRX Commands (VPN TSHOOT) (Important)

To see Phase1 and Phase2 of VPNs:
user@host> show security ike security-associations
user@host> show security ike active-peer

user@host> show security ipsec security-associations

To see the reason of tunnel inactivity:
user@host> show security ipsec inactive-tunnels
Configure syslog to display VPN status messages:
# set system syslog file kmd-logs daemon info
# set system syslog file kmd-logs match KMD
# commit
To see these VPN Logs:
> show log kmd-logs

> show security ike security-associations
> show security ike security-associations index 3654851 detail
> show security ipsec security-associations
> show security ipsec security-associations index 131081 detail
> show configuration | display set | match VPN_to_PEER_FIREWALL
> show security ipsec security-associations index 131081
> show security ipsec statistics index 131081
> show security ipsec security-associations index 131081 detail

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s