
Step by Step Configure Router Vyata 6.5.41

Uploaded by

gepenks83

Chapter 2: IPsec Site‐to‐Site VPN IPsec Site‐to‐Site VPN Commands 121

show vpn ike secrets


Displays configured pre-shared secrets.

Syntax
show vpn ike secrets

Command Mode
Operational mode.

Parameters
None.

Usage Guidelines
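Use this command to display the pre-shared secrets recorded in the system, together
with the local and peer addresses or IDs they apply to. The secret itself is printed in
clear text, as the sample output shows.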

Examples
Example 2-60 shows the output of the show vpn ike secrets command.
Example 2‐60 “show vpn ike secrets” sample output

vyatta@WEST> show vpn ike secrets

Local IP/ID             Peer IP/ID
-----------             ----------
192.168.1.2             1.1.1.2
N/A                     192.168.2.2

    Secret: "secret"

Local IP/ID             Peer IP/ID
-----------             ----------
192.168.1.2             192.168.2.2
N/A                     192.168.2.2

    Secret: "secret"

VPN 6.5R1 v01 Vyatta



show vpn ike status


Displays summary information about the IKE process.

Syntax
show vpn ike status

Command Mode
Operational mode.

Parameters
None.

Usage Guidelines
Use this command to see the status of the IKE process.

Examples
Example 2-61 shows the output of the show vpn ike status command.
Example 2‐61 “show vpn ike status” sample output

vyatta@west> show vpn ike status


IKE Process Running

PID: 5832

vyatta@west>


show vpn ipsec sa


Provides information about active IPsec security associations.

Syntax
show vpn ipsec sa [peer peer [tunnel tunnel]]

Command Mode
Operational mode.

Parameters

peer      Shows active IPsec security associations for the specified VPN
          peer. The format is the IPv4 or IPv6 address of the peer.

tunnel    Shows active IPsec security associations for the specified tunnel
          to the specified peer. The tunnel argument is an integer that
          uniquely identifies the tunnel to the specified peer. The range is
          0 to 4294967295.

Usage Guidelines
Use this command to display information about remote VPN peers and IPsec security
associations (SAs) currently in effect.

Examples
Example 2-62 shows the output of the show vpn ipsec sa command.
Example 2‐62 “show vpn ipsec sa” sample output

vyatta@WEST> show vpn ipsec sa


Peer ID / IP            Local ID / IP
------------            -------------
1.1.1.2                 192.168.1.2

Tunnel  State  Bytes Out/In  Encrypt  Hash  NAT-T  A-Time  L-Time  Proto
------  -----  ------------  -------  ----  -----  ------  ------  -----
1       up     0.0/0.0       aes128   sha1  yes    3415    3600    GRE
2       down   n/a           n/a      n/a   yes    0       3600    all

Peer ID / IP            Local ID / IP
------------            -------------
192.168.2.2             192.168.1.2

Tunnel  State  Bytes Out/In  Encrypt  Hash  NAT-T  A-Time  L-Time  Proto
------  -----  ------------  -------  ----  -----  ------  ------  -----
1       down   n/a           n/a      n/a   no     0       3600    GRE
vyatta@WEST>

Example 2-63 shows the output of the show vpn ipsec sa peer peer command.
Example 2‐63 “show vpn ipsec sa peer peer” sample output

vyatta@WEST> show vpn ipsec sa peer 1.1.1.2

Peer ID / IP            Local ID / IP
------------            -------------
1.1.1.2                 192.168.1.2

Tunnel  State  Bytes Out/In  Encrypt  Hash  NAT-T  A-Time  L-Time  Proto
------  -----  ------------  -------  ----  -----  ------  ------  -----
1       up     0.0/0.0       aes128   sha1  yes    3415    3600    GRE
2       down   n/a           n/a      n/a   yes    0       3600    all

vyatta@WEST>

Example 2-64 shows the output of the show vpn ipsec sa peer peer tunnel tunnel
command.
Example 2‐64 “show vpn ipsec sa peer peer tunnel tunnel” sample output

vyatta@WEST> show vpn ipsec sa peer 1.1.1.2 tunnel 1

Peer ID / IP            Local ID / IP
------------            -------------
1.1.1.2                 192.168.1.2

Tunnel  State  Bytes Out/In  Encrypt  Hash  NAT-T  A-Time  L-Time  Proto
------  -----  ------------  -------  ----  -----  ------  ------  -----
1       up     0.0/0.0       aes128   sha1  yes    3415    3600    GRE

vyatta@WEST>
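
A parser for the summary layout shown in Examples 2-62 to 2-64, as an added example that is not part of the Vyatta guide: it lists tunnels that are not up, and up tunnels whose negotiated algorithms fall outside allow-lists the caller supplies. The function names and the allow-list policy are assumptions of this example; the input is constructed from Example 2-62.

```python
import re

# Constructed input: the layout of Example 2-62, with columns realigned.
SAMPLE = """\
Peer ID / IP    Local ID / IP
------------    -------------
1.1.1.2         192.168.1.2
Tunnel  State  Bytes Out/In  Encrypt  Hash  NAT-T  A-Time  L-Time  Proto
------  -----  ------------  -------  ----  -----  ------  ------  -----
1       up     0.0/0.0       aes128   sha1  yes    3415    3600    GRE
2       down   n/a           n/a      n/a   yes    0       3600    all

Peer ID / IP    Local ID / IP
------------    -------------
192.168.2.2     192.168.1.2
Tunnel  State  Bytes Out/In  Encrypt  Hash  NAT-T  A-Time  L-Time  Proto
------  -----  ------------  -------  ----  -----  ------  ------  -----
1       down   n/a           n/a      n/a   no     0       3600    GRE
"""

FIELDS = "tunnel state bytes encrypt hash nat_t a_time l_time proto".split()
# Lines carrying no data: blank or rule lines, the tunnel header, a CLI prompt.
SKIP = re.compile(r"^([-\u2010\s]*|Tunnel\b.*|\S+@\S+>.*)$")

def parse_ipsec_sa(text):
    """Return one dict per tunnel row, tagged with the peer it belongs to."""
    rows, peer, local, want_peer = [], None, None, False
    for line in map(str.strip, text.splitlines()):
        if SKIP.match(line):
            continue
        if line.startswith("Peer ID"):
            want_peer = True          # the next data line names the peer pair
        elif want_peer:
            peer, local = line.split()[:2]
            want_peer = False
        else:
            cols = line.split()
            if len(cols) == len(FIELDS) and cols[0].isdigit():
                rows.append(dict(zip(FIELDS, cols), peer=peer, local=local))
    return rows

def down_tunnels(rows):
    """(peer, tunnel) pairs whose State column is anything other than 'up'."""
    return [(r["peer"], r["tunnel"]) for r in rows if r["state"] != "up"]

def off_policy(rows, ciphers, hashes):
    """Up tunnels whose Encrypt or Hash value is outside the caller's allow-lists."""
    return [(r["peer"], r["tunnel"], r["encrypt"], r["hash"]) for r in rows
            if r["state"] == "up"
            and (r["encrypt"] not in ciphers or r["hash"] not in hashes)]
```

The parser splits on whitespace, so it also accepts captured output whose column padding was collapsed or whose rule lines use a non-ASCII hyphen.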


show vpn ipsec sa detail


Provides detailed information about active IPsec security associations.

Syntax
show vpn ipsec sa detail [peer peer [tunnel tunnel]]

Command Mode
Operational mode.

Parameters

peer      The peer to display information about.

tunnel    The tunnel to display information about. The range is 0 to
          4294967295.

Usage Guidelines
Use this command to display detailed information about remote VPN peers and IPsec
security associations (SAs) currently in effect.

Examples
Example 2-65 shows the output of the show vpn ipsec sa detail command.
Example 2‐65 “show vpn ipsec sa detail” sample output

vyatta@WEST> show vpn ipsec sa detail


‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Peer IP: 192.168.1.1
Peer ID: r2
Local IP: 192.168.1.2
Local ID: r1
NAT Traversal: no
NAT Source Port: n/a
NAT Dest Port: n/a

Description: site‐to‐site x509 tunnel

Tunnel 1:

State: up
Inbound SPI: 714f7f33
Outbound SPI: 8a84d58
Encryption: aes128
Hash: sha1
PFS Group: 5

CA:
C=US
ST=CA
L=BELMONT
O=Organization
CN=CertAuth
[email protected]

Local Net: 172.16.0.0/24
Local Protocol: all
Local Port: all

Remote Net: 172.16.1.0/24
Remote Protocol: all
Remote Port: all

Inbound Bytes: 0.0
Outbound Bytes: 0.0
Active Time (s): 1876
Lifetime (s): 3600

vyatta@WEST>

Example 2-66 shows the output of the show vpn ipsec sa detail peer peer command for
an x509 tunnel (note the “CA” information).
Example 2‐66 “show vpn ipsec sa detail peer peer” sample output

vyatta@WEST> show vpn ipsec sa detail peer 192.168.1.1


‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Peer IP: 192.168.1.1
Peer ID: r2
Local IP: 192.168.1.2
Local ID: r1
NAT Traversal: no
NAT Source Port: n/a
NAT Dest Port: n/a

Description: site‐to‐site x509 tunnel

Tunnel 1:
State: up
Inbound SPI: 714f7f33
Outbound SPI: 8a84d58
Encryption: aes128
Hash: sha1
PFS Group: 5

CA:
C=US
ST=CA
L=BELMONT
O=Organization
CN=CertAuth
[email protected]

Local Net: 172.16.0.0/24
Local Protocol: all
Local Port: all

Remote Net: 172.16.1.0/24
Remote Protocol: all
Remote Port: all

Inbound Bytes: 0.0
Outbound Bytes: 0.0
Active Time (s): 1876
Lifetime (s): 3600

vyatta@WEST>


show vpn ipsec sa nat-traversal


Provides information about all active IPsec security associations that are using NAT
Traversal.

Syntax
show vpn ipsec sa nat-traversal

Command Mode
Operational mode.

Parameters
None.

Usage Guidelines
Use this command to display information about all active IPsec security associations that
are using RFC 3947 NAT Traversal.


show vpn ipsec sa statistics


Displays statistics for active IPsec security associations.

Syntax
show vpn ipsec sa statistics [peer peer [tunnel tunnel]]

Command Mode
Operational mode.

Parameters

peer      The peer to display information about.

tunnel    The tunnel to display information about. The range is 0 to
          4294967295.

Usage Guidelines
Use this command to see statistics for active IPsec security associations.

Examples
Example 2-67 shows the output of the show vpn ipsec sa statistics command.
Example 2‐67 “show vpn ipsec sa statistics” sample output

vyatta@WEST> show vpn ipsec sa statistics

Peer ID / IP            Local ID / IP
------------            -------------
1.1.1.2                 192.168.1.2

Tun#  Dir  Source Network   Destination Network  Bytes
----  ---  --------------   -------------------  -----
1     in   192.168.2.2/32   192.168.1.2/32       0.0
1     out  192.168.1.2/32   192.168.2.2/32       0.0
2     in   n/a              n/a                  0.0
2     out  n/a              n/a                  0.0

Peer ID / IP            Local ID / IP
------------            -------------
192.168.2.2             192.168.1.2

Tun#  Dir  Source Network   Destination Network  Bytes
----  ---  --------------   -------------------  -----
1     in   n/a              n/a                  0.0
1     out  n/a              n/a                  0.0

vyatta@WEST>