MONITOR GETSA

Level

vpn_read

History

Format Appears in Netasq 9.0.0
Behavior changed in 4.2.0

Description

List IPsec SA

Returns

id=<id> : CHILD_SA unique id
rulename=<name> : CHILD_SA rule name
ikeid=<id> : IKE_SA unique id
ikerulename=<name> : IKE_SA rule name
src=<ip> : source IP address
srcname=<name> : source object name
dst=<ip> : destination IP address
dstname=<name> : destination object name
type=ah|esp : SA type
mode=<mode> : IPSec mode: tunnel|drop|pass
spiin=<id> : identifier
spiout=<id> : identifier
reqid=<id> : identifier
enc=<algo> : cypher algo in use
auth=<algo> : authentication in use
prf=<algo> : PRF algorithm
pfs=<algo> : DH group in use
state=<state> : SA state: created|installed|rekeying|destroying
bytesin=<count> : byte count
bytesout=<count> : byte count
packetsin=<count> : packet count
packetsout=<count> : packet count
lifetime=<secs> : time count
maxlifetime=<secs> : delay between rekeys

Format

section_line

Example

101 begin
rulename="ba6c3194672da4df9590d7ff827384b4" ikerulename="Site_fw_vm_2"
src=192.168.10.1 srcname=Firewall_in dst=192.168.11.1 dstname=fw_vm_2
type="esp" mode="tunnel" encap=0 esn=0 reqid=1
spiout=3439867777 spiin=3485712767 enc="aes/256" auth="hmac_sha256"
state=installed bytesin=0 bytesout=864 packetsin=0 packetsout=8 lifetime=134 maxlifetime=3601
.