< Home

Monitoring the IPSec Running Status

Prerequisites

All IPSec configurations are complete.

In routine maintenance, you can run the following commands in any view to check whether IPSec is functioning properly.

Procedure

  • Run the display ike sa [ remote ipv4-address ] command to check brief information about IKE SAs.
  • Run the display ike sa [ remote-id-type remote-id-type ] remote-id remote-id command to check brief information about IKE SAs based on the remote ID.
  • Run the display ike sa verbose [ remote ipv4-address | connection-id connection-id | [ remote-id-type remote-id-type ] remote-id remote-id ] command to check detailed information about IKE SAs.
  • Run the display ipsec sa efficient-vpn efficient-vpn-name command to check IPSec SA information.
  • Run the display ipsec history record [ remote-address remote-address ] command to check history information about IPSec tunnels.
  • Run the display ipsec packet statistics command to check IPSec packet statistics.
  • Run the display ipsec statistics tunnel-number command to check the number of IPSec tunnels.
  • Run the display ike statistics { v1 | v2 } command to check IKE statistics.
  • Run the display ikev2 statistics { error | notify-info | packet | sa } command to check statistics on IPSec tunnels negotiated using IKEv2.
  • Run the display ike error-info [ verbose ] [ peer remote-address ] command to check information about IPSec tunnel negotiation failures using IKE.
  • Run the display ike offline-info [ peer remote-address ] command to check information about deleted IPSec tunnels established through IKE negotiation.
Parent Topic: Maintaining IPSec
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >