
show ipsec ike sessions

show ipsec ike sessions—Display information about the IKE sessions on the router (on vEdge routers only).

Command Syntax

show ipsec ike sessions

Options

None

Output Fields

DH Group
(For IKEv1 only) Number of the Diffie-Hellman group. It can be 2, 14, 15, or 16.
State
State of the IKE session. It can be one of the following:
• AUTH_LOADED—IKE configuration has been loaded.
• CONF_LOADED—IKE configuration has been loaded.
• IKE_INITIATE—Security association (SA) negotiation has been initiated.
• IKE_UP_IPSEC_DN—IKE SA is established, but IPsec SA is not yet established.
• IKE_UP_IPSEC_UP—IKE SA and IPsec SA are established, and the tunnel is up and can send traffic.
• INTF_CREATED—IPsec interface has been created.
• RETRY_INITIATE—The first SA initiation failed, and SA initiation is being retried.
• TERMINATED—The IPsec interface has been administratively shut down.
Uptime
How long the IKE session has been up. IKE sessions reset when the rekey interval expires.

The remaining output fields are self-explanatory.

Example Output

Display information about the IKE Version 2 session between two vEdge routers:

vEdge1# show running-config vpn 1 interface ipsec1
vpn 1
 interface ipsec1
  ip address 10.1.1.1/30
  tunnel-source      10.1.15.15
  tunnel-destination 10.1.16.16
  ike
   version      2
   rekey        14400
   cipher-suite aes256-cbc-sha1
   group        16
   authentication-type
    pre-shared-key
     pre-shared-secret $8$jr37xShEUPZF2zuiZFpTqqBHSlCHVX1XLut1o62mh7c=
    !
   !
  !
  ipsec
   rekey         14400
   replay-window 32
   cipher-suite  aes256-cbc-sha1
  !
  no shutdown
 !
!

vEdge2# show running-config vpn 1 interface ipsec1
vpn 1
 interface ipsec1
  ip address 10.1.1.2/30
  tunnel-source      10.1.16.16
  tunnel-destination 10.1.15.15
  ike
   version      2
   rekey        14400
   cipher-suite aes256-cbc-sha1
   group        16
   authentication-type
    pre-shared-key
     pre-shared-secret $8$/O+yus2zpknCbyK5YUfZMQehghSsXCXzfRpc9bj6YsY=
    !
   !
  !
  ipsec
   rekey         14400
   replay-window 32
   cipher-suite  aes256-cbc-sha1
  !
  no shutdown
 !
!

vEdge1# show ipsec ike sessions

     IF                           SOURCE              DEST                                                                                                
VPN  NAME    VERSION  SOURCE IP   PORT    DEST IP     PORT  INITIATOR SPI     RESPONDER SPI     CIPHER SUITE     DH GROUP        STATE        UPTIME      
----------------------------------------------------------------------------------------------------------------------------------------------------------
1    ipsec1  2        10.1.15.15  4500    10.1.16.16  4500  ccb1a7c4a770752e  6179faf6884bfd38  aes256-cbc-sha1  16 (MODP-4096)  ESTABLISHED  0:00:08:38  

vEdge2# show ipsec ike sessions

     IF                           SOURCE              DEST                                                                                                
VPN  NAME    VERSION  SOURCE IP   PORT    DEST IP     PORT  INITIATOR SPI     RESPONDER SPI     CIPHER SUITE     DH GROUP        STATE        UPTIME      
----------------------------------------------------------------------------------------------------------------------------------------------------------
1    ipsec1  2        10.1.16.16  4500    10.1.15.15  4500  ccb1a7c4a770752e  6179faf6884bfd38  aes256-cbc-sha1  16 (MODP-4096)  ESTABLISHED  0:00:09:23
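
The following Python example is added here and is not part of the Viptela documentation or Cisco's code. It parses the table printed by show ipsec ike sessions and reports sessions that are not up or that negotiated Diffie-Hellman group 2. The sample rows, the field names, treating ESTABLISHED the same as IKE_UP_IPSEC_UP, and flagging group 2 as weak are assumptions made for the example.

```python
import re

# Constructed sample in the column layout of the example output above; the
# second row (IKEv1, DH group 2, RETRY_INITIATE) is invented to exercise the checks.
SAMPLE = """\
     IF                           SOURCE              DEST
VPN  NAME    VERSION  SOURCE IP   PORT    DEST IP     PORT  INITIATOR SPI     RESPONDER SPI     CIPHER SUITE     DH GROUP        STATE           UPTIME
-----------------------------------------------------------------------
1    ipsec1  2        10.1.15.15  4500    10.1.16.16  4500  ccb1a7c4a770752e  6179faf6884bfd38  aes256-cbc-sha1  16 (MODP-4096)  ESTABLISHED     0:00:08:38
1    ipsec2  1        10.1.15.15  4500    10.1.17.17  4500  1111111111111111  2222222222222222  aes256-cbc-sha1  2 (MODP-1024)   RETRY_INITIATE  0:00:00:00
"""

# Field names are this example's own labels for the 13 columns.
FIELDS = ("vpn", "ifname", "version", "src_ip", "src_port", "dst_ip", "dst_port",
          "init_spi", "resp_spi", "cipher_suite", "dh_group", "state", "uptime")

# Assumption: IKE_UP_IPSEC_UP (field list) and ESTABLISHED (example output)
# both mean the tunnel is up; every other state is reported.
UP_STATES = {"IKE_UP_IPSEC_UP", "ESTABLISHED"}
WEAK_DH_GROUPS = {"2"}  # assumption: flag group 2, the 1024-bit MODP group

def parse_sessions(text):
    """Return one dict per data row; data rows start with a numeric VPN id."""
    sessions = []
    for line in text.splitlines():
        # Columns are separated by two or more spaces; values such as
        # "16 (MODP-4096)" contain single spaces and stay intact.
        cols = re.split(r"\s{2,}", line.strip())
        if not cols[0].isdigit():
            continue  # header, ruler or blank line
        if len(cols) != len(FIELDS):
            # Fail loudly rather than silently dropping a session from the audit.
            raise ValueError("unexpected column count: " + line)
        sessions.append(dict(zip(FIELDS, cols)))
    return sessions

def audit(sessions):
    """Return (ifname, finding) tuples for sessions that need attention."""
    findings = []
    for s in sessions:
        if s["state"] not in UP_STATES:
            findings.append((s["ifname"], "state " + s["state"]))
        if s["dh_group"].split()[0] in WEAK_DH_GROUPS:
            findings.append((s["ifname"], "weak DH group " + s["dh_group"]))
    return findings

if __name__ == "__main__":
    for ifname, finding in audit(parse_sessions(SAMPLE)):
        print(ifname, finding)
```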

Release Information

Command introduced in Viptela Software Release 17.2.
