Perform this procedure to display the status of configured IPsec tunnel on the Fabric IPsec Gateway Virtual Machine (VM):
enable
virtual-service WORD<1-128> console
Note
Type CTRL+Y to exit the console.
show ipsec-status
Switch:1> enable Switch:1# virtual-service figw console Connected to domain figw Escape character is ^Y <cr> FIGW> show ipsec-status Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-128-generic, x86_64): uptime: 13 days, since <<month, day hh:mm:ss year>> malloc: sbrk 2433024, mmap 0, used 369408, free 2063616 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 3 loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown Listening IP addresses: 192.0.2.40 192.0.2.20 Connections: ipsec0-192.0.2.5: 192.0.2.40...192.0.2.5 IKEv2, dpddelay=3s ipsec0-192.0.2.5: local: [192.0.2.60] uses pre-shared key authentication ipsec0-192.0.2.5: remote: [192.0.2.5] uses pre-shared key authentication ipsec0-192.0.2.5: child: 192.0.2.60/32 === 192.0.2.5/32 TUNNEL, dpdaction=restart Security Associations (1 up, 0 connecting): ipsec0-192.0.2.5[29]: ESTABLISHED 21 hours ago, 192.0.2.40[192.0.2.60]...192.0.2.5[192.0.2.5] ipsec0-192.0.2.5[29]: IKEv2 SPIs: dcf0a2d545d40679_i 55006e07252b9934_r*, pre-shared key reauthentication in 2 hours ipsec0-192.0.2.5[29]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048 ipsec0-192.0.2.5{377}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c92b08e5_i c0c2d9cd_o ipsec0-192.0.2.5{377}: AES_GCM_16_128, 291247 bytes_i (190 pkts, 6s ago), 297523 bytes_o (194 pkts, 1s ago), rekeying in 30 minutes ipsec0-192.0.2.5{377}: 192.0.2.60/32 === 192.0.2.5/32