Perform this procedure to display the status of configured IPsec tunnel on the Fabric IPsec Gateway Virtual Machine (VM):
enable
virtual-service WORD<1-128> console
Note
Type CTRL+Y to exit the console.
Switch:1> enable
Switch:1# virtual-service figw console
Connected to domain figw
Escape character is ^Y
<cr>
FIGW> show ipsec-status
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-128-generic, x86_64):
uptime: 13 days, since <<month, day hh:mm:ss year>>
malloc: sbrk 2433024, mmap 0, used 369408, free 2063616
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints
pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr
kernel-netlink resolve socket-default connmark stroke updown
Listening IP addresses:
192.0.2.40
192.0.2.20
Connections:
ipsec0-192.0.2.5: 192.0.2.40...192.0.2.5 IKEv2, dpddelay=3s
ipsec0-192.0.2.5: local: [192.0.2.60] uses pre-shared key authentication
ipsec0-192.0.2.5: remote: [192.0.2.5] uses pre-shared key authentication
ipsec0-192.0.2.5: child: 192.0.2.60/32 === 192.0.2.5/32 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
ipsec0-192.0.2.5[29]: ESTABLISHED 21 hours ago, 192.0.2.40[192.0.2.60]...192.0.2.5[192.0.2.5]
ipsec0-192.0.2.5[29]: IKEv2 SPIs: dcf0a2d545d40679_i 55006e07252b9934_r*, pre-shared key reauthentication in 2 hours
ipsec0-192.0.2.5[29]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
ipsec0-192.0.2.5{377}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c92b08e5_i c0c2d9cd_o
ipsec0-192.0.2.5{377}: AES_GCM_16_128, 291247 bytes_i (190 pkts, 6s ago), 297523 bytes_o (194 pkts, 1s ago), rekeying in 30 minutes
ipsec0-192.0.2.5{377}: 192.0.2.60/32 === 192.0.2.5/32