IPsec Show Commands

The CloudEOS and vEOS Router provides commands to view all current or established IPsec tunnels and to view all profiles currently in use by established tunnels.

The show commands are:
  • show ip security connection
  • show ip security connection detail
  • show ip sec applied-profile

Examples

The example below shows the use of the show ip security connection command to view a summary of all current (established) IPsec tunnels.

switch#show ip security connection
Tunnel   Source   Dest     Status       Uptime      Input      Output     Reauth Time
Tunnel0  1.0.0.1  1.0.0.2  Established  14 minutes  589 bytes  608 bytes  8 hours
                                                    7 pkts     36 pkts

The example below shows the use of the show ip security connection detail command to view the details for a specified IPsec tunnel.

switch#show ip security connection detail
source address 1.0.0.1, dest address 1.0.0.2
  Inbound SPI 0x672F6CC3:
    request id 1, mode transport replay-window 32, seq 0x0
    stats errors:
      replay-window 0, replay 0, integrity_failed 0
    lifetime config:
      softlimit 18446744073709551615 bytes, hardlimit 18446744073709551615 bytes
      softlimit 18446744073709551615 pkts, hardlimit 18446744073709551615 pkts
      expire add 0 secs, hard 0 secs
    lifetime current:
      589 bytes, 7 pkts
      add time Wed Aug 17 17:50:28 2016, use time Wed Aug 17 17:50:31 2016
  Outbound SPI 0xc5f3c373:
    request id 1, mode transport replay-window 32, seq 0x0
    stats errors:
      replay-window 0, replay 0, integrity_failed 0
    lifetime config:
      softlimit 18446744073709551615 bytes, hardlimit 18446744073709551615 bytes
      softlimit 18446744073709551615 pkts, hardlimit 18446744073709551615 pkts
      expire add 0 secs, hard 0 secs
    lifetime current:
      608 bytes, 7 pkts
      add time Wed Aug 17 17:50:28 2016, use time Wed Aug 17 17:50:31 2016
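The detail output above can be checked automatically for the counters that matter during monitoring. The following is an added example, not part of the original documentation or of Arista's tooling: it parses text in that layout and reports any SA with non-zero replay or integrity_failed counters, or with no byte/packet hard limit. The function names parse_sas and findings are hypothetical, the sample text is constructed, and reading 18446744073709551615 (2^64 - 1) as "no limit" is an assumption.

```python
import re

UNLIMITED = 2**64 - 1  # 18446744073709551615; read here as "no limit" (assumption)

# Constructed sample in the layout of the detail output above. The non-zero
# inbound counters and the finite outbound limits are invented for the demo.
SAMPLE = """\
source address 1.0.0.1, dest address 1.0.0.2
 Inbound SPI 0x672F6CC3:
request id 1, mode transport replay-window 32, seq 0x0
stats errors:
 replay-window 0, replay 4, integrity_failed 2
lifetime config:
 softlimit 18446744073709551615 bytes, hardlimit 18446744073709551615 bytes
 softlimit 18446744073709551615 pkts, hardlimit 18446744073709551615 pkts
 Outbound SPI 0xc5f3c373:
request id 1, mode transport replay-window 32, seq 0x0
stats errors:
 replay-window 0, replay 0, integrity_failed 0
lifetime config:
 softlimit 900000 bytes, hardlimit 1000000 bytes
 softlimit 9000 pkts, hardlimit 10000 pkts
"""

def parse_sas(text):
    """Return one dict per SA: peers, direction, SPI, error counters, hard limits."""
    sas, peers, sa = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"source address (\S+), dest address (\S+)", line):
            peers = (m[1], m[2])
        elif m := re.match(r"(Inbound|Outbound) SPI (0x[0-9A-Fa-f]+):", line):
            sa = {"peers": peers, "dir": m[1], "spi": m[2].lower(), "errors": {}, "hard": {}}
            sas.append(sa)
        elif sa and "integrity_failed" in line:
            sa["errors"] = {k: int(v) for k, v in re.findall(r"([\w-]+) (\d+)", line)}
        elif sa and (m := re.match(r"softlimit \d+ (bytes|pkts), hardlimit (\d+) \1", line)):
            sa["hard"][m[1]] = int(m[2])
    return sas

def findings(sas):
    """Flag non-zero error counters and SAs with no byte/packet hard limit."""
    out = []
    for sa in sas:
        out += [(sa["spi"], f"{k}={v}") for k, v in sa["errors"].items() if v]
        if sa["hard"] and all(v == UNLIMITED for v in sa["hard"].values()):
            out.append((sa["spi"], "no byte/packet hard limit"))
    return out

print(findings(parse_sas(SAMPLE)))
```

The parser strips leading whitespace from every line, so it does not depend on how the CLI output is indented when captured.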

The example below shows the use of the show ip sec applied-profile command to view all profiles currently in use by established tunnels.

switch#show ip sec applied-profile
Profile Name  Interface
Arista        Tunnel0