How to check ScreenOS tunnel SA status
Asked by: user
Asked: 2022-12-03 05:37
1 answer
Helpful user
Time: 2023-11-15 23:34
The following are two examples of get sa command output:

netscreen_isg1000-> get sa
total configured sa: 79
HEX ID    Gateway         Port Algorithm     SPI      Life:sec kb    Sta PID vsys
0000ed57< 120.137.86.188  500  esp: des/md5  3eaae438 3121     unlim I/I 6   0
0000ed57> 120.137.86.188  500  esp: des/md5  af267d19 3121     unlim I/I -1  0
......

netscreen_isg1000-> get sa
total configured sa: 79
HEX ID    Gateway         Port Algorithm     SPI      Life:sec kb    Sta PID vsys
0000ed57< 120.137.86.188  500  esp: des/md5  3eaae438 3143     unlim A/- 6   0
0000ed57> 120.137.86.188  500  esp: des/md5  af267d19 3143     unlim A/- -1  0
......

The Sta field shows two things:
The first character displays whether the VPN tunnel is Active or Inactive.
The second character (after the slash) displays the Link status thru the VPN Monitor feature.

Here are the possible values of the Sta field:
I/I: VPN tunnel is Inactive
A/-: VPN tunnel is Active, and VPN Monitor is not configured
A/U: VPN tunnel is Active, and the link (detected thru VPN Monitor) is UP
A/D: VPN tunnel is Active, but the link (detected thru VPN Monitor) is DOWN. VPN Monitor is not getting a response to its pings. This could be happening because the device that is being pinged is down or has ping disabled. This could also be happening if the other side of the VPN is not a NetScreen/Juniper Firewall.

Note: Both A/- and A/U are positive states that your tunnel is up. Data will not pass thru a tunnel when the status is I/I or A/D.
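
An added example, not part of the original answer and not Juniper code: a Python parser for captured get sa output that applies the Sta rules above and lists tunnels that are not passing data. The function names are hypothetical, rows wrapped by the terminal are tolerated, and the 192.0.2.x rows in the sample are constructed.

```python
import re

# One SA row: id+direction, gateway, port, algorithm, SPI, life sec, life kb, Sta, PID, vsys.
# \s+ also matches newlines, so rows wrapped by a terminal capture still parse.
SA_ROW = re.compile(
    r"(?P<id>[0-9a-f]{8})(?P<dir>[<>])\s+(?P<gateway>\S+)\s+(?P<port>\d+)\s+"
    r"(?P<proto>\w+):\s*(?P<alg>\S+)\s+(?P<spi>[0-9a-f]{8})\s+(?P<life_sec>\S+)\s+"
    r"(?P<life_kb>\S+)\s+(?P<sta>[AI]/[-UDI])\s+(?P<pid>-?\d+)\s+(?P<vsys>\d+)"
)

# Meaning of each Sta value, as listed in the answer above.
STA_MEANING = {
    "I/I": "tunnel inactive",
    "A/-": "tunnel active, VPN Monitor not configured",
    "A/U": "tunnel active, VPN Monitor link up",
    "A/D": "tunnel active, VPN Monitor link down",
}
PASSING = {"A/-", "A/U"}  # the only states in which data passes

def parse_sa(output):
    """Return one dict per SA row found in `get sa` output."""
    return [m.groupdict() for m in SA_ROW.finditer(output)]

def tunnels_not_passing(output):
    """Map (SA id, gateway) -> Sta for tunnels where a direction is not passing data."""
    bad = {}
    for row in parse_sa(output):
        if row["sta"] not in PASSING:
            bad[(row["id"], row["gateway"])] = row["sta"]
    return bad

# Sample input: the first SA pair is from the answer (one row wrapped), the rest is constructed.
SAMPLE = """\
total configured sa: 79
HEX ID Gateway Port Algorithm SPI Life:sec kb Sta PID vsys
0000ed57< 120.137.86.188 500 esp: des/md5 3eaae438 3121 unlim I/I 6 0
0000ed57> 120.137.86.188 500
esp: des/md5 af267d19 3121 unlim I/I -1 0
0000ed58< 192.0.2.10 500 esp:3des/sha1 0a1b2c3d 3300 unlim A/U 7 0
0000ed58> 192.0.2.10 500 esp:3des/sha1 0a1b2c3e 3300 unlim A/U -1 0
0000ed59< 192.0.2.20 500 esp:3des/sha1 1a2b3c4d 1200 unlim A/D 8 0
0000ed59> 192.0.2.20 500 esp:3des/sha1 1a2b3c4e 1200 unlim A/D -1 0
"""

if __name__ == "__main__":
    for (sa_id, gw), sta in tunnels_not_passing(SAMPLE).items():
        print(f"{sa_id} {gw}: {sta} ({STA_MEANING[sta]})")
```

Run against a saved console capture, this gives a monitoring job the same I/I and A/D triage the answer describes without reading the table by eye.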