security ipsec policy show
Display IPsec policies
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The security ipsec policy show command displays information about configured IPsec policies. All parameters are optional. This command is supported only when IPsec is enabled.
Running the command with the -vserver parameter displays all policies associated with the specified Vserver.
You can specify additional parameters to display only information that matches those parameters. For example, to display policies associated with a certain local IP subnet, run the command with the -local-ip-subnets parameter.
Parameters
{ [-fields <fieldname>,…]
If you specify the -fields <fieldname>,… parameter, the command displays only the specified fields. Notice that key fields are always displayed.
| [-instance] }
If you specify the -instance parameter, the command displays all fields of the policies.
[-vserver <vserver name>] - Vserver
If you specify this parameter, only policies associated with this Vserver will be displayed.
[-name <text>] - Policy Name
This parameter specifies the policy to be displayed.
[-local-ip-subnets <IP Address/Mask>,…] - Local IP Subnets
If you specify this parameter, information about local-ip-subnets will be displayed.
[-remote-ip-subnets <IP Address/Mask>,…] - Remote IP Subnets
If you specify this parameter, information about remote-ip-subnets will be displayed.
[-local-ports {<Number>|<StartingNumber>-<EndingNumber>}] - Local Ports
If you specify this parameter, information about local-ports will be displayed.
[-remote-ports {<Number>|<StartingNumber>-<EndingNumber>}] - Remote Ports
If you specify this parameter, information about remote-ports will be displayed.
[-protocols {<Protocol Number>|<Protocol Name>}] - Protocols
If you specify this parameter, information about protocols will be displayed.
[-action <IPsec Action Type>] - Action
If you specify this parameter, information about action will be displayed.
[-cipher-suite <Cipher Suite Type>] - Cipher Suite
If you specify this parameter, information about cipher-suite will be displayed.
[-ike-lifetime <integer>] - IKE Security Association Lifetime
If you specify this parameter, information about ike-lifetime will be displayed.
[-ipsec-lifetime <integer>] - IPsec Security Association Lifetime
If you specify this parameter, information about ipsec-lifetime will be displayed.
[-ipsec-lifetime-bytes <integer>] - IPsec Security Association Lifetime (bytes)
If you specify this parameter, information about ipsec-lifetime-bytes will be displayed.
[-is-enabled {true|false}] - Is Policy Enabled
If you specify this parameter, information about is-enabled will be displayed.
[-local-identity <text>] - Local Identity
If you specify this parameter, information about local IKE endpoint's identity, if configured, will be displayed.
[-remote-identity <text>] - Remote Identity
If you specify this parameter, information about remote IKE endpoint's identity, if configured, will be displayed.
[-auth-method <IKE Authentication Method>] - Authentication Method
If you specify this parameter, the authentication method of the policy will be displayed.
[-cert-name <text>] - Certificate for Local Identity
If you specify this parameter, the name of the certificate will be displayed.
Examples
This example displays all policies in all Vservers:
cluster-1::> security ipsec policy show
        Policy                                           Cipher
Vserver Name       Local IP Subnet    Remote IP Subnet   Suite          Action
------- ---------- ------------------ ------------------ -------------- -------
vs_data1
        Policy1    192.168.10.1/32    192.168.20.1/32    SUITEB_GCM256  ESP_TRA
        Policy3    192.158.10.10/32   192.158.10.20/32   SUITEB_GCM256  DISCARD
vs_data2
        Policy2    10.10.10.10/32     20.20.20.20/32     SUITE_AESCBC   ESP_TRA
3 entries were displayed.
This example displays all of the IPsec policies from a single Vserver:
cluster-1::> security ipsec policy show -vserver vs_data1
        Policy                                           Cipher
Vserver Name       Local IP Subnet    Remote IP Subnet   Suite          Action
------- ---------- ------------------ ------------------ -------------- -------
vs_data1
        Policy1    192.168.10.1/32    192.168.20.1/32    SUITEB_GCM256  ESP_TRA
        Policy3    192.158.10.10/32   192.158.10.20/32   SUITEB_GCM256  DISCARD
2 entries were displayed.
This example displays a specific policy:
cluster-1::> security ipsec policy show -vserver vs_data1 -name Policy1
Vserver Name: vs_data1
Policy Name: Policy1
Local IP Subnets: 192.168.10.1/32
Remote IP Subnets: 192.168.20.1/32
Local Ports: 0-0
Remote Ports: 0-0
Protocols: any
Action: ESP_TRA
Cipher Suite: SUITEB_GCM256
IKE Security Association Lifetime: 10800
IPsec Security Association Lifetime: 3600
IPsec Security Association Lifetime (bytes): 0
Is Policy Enabled: true
Local Identity:
Remote Identity:
This example displays a specific field from all policies:
cluster-1::> security ipsec policy show -fields local-ip-subnets
vserver  name    local-ip-subnets
-------- ------- ----------------
vs_data1 Policy1 192.168.10.1/32
vs_data1 Policy3 192.158.10.10/32
vs_data2 Policy2 10.10.10.10/32
3 entries were displayed.
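The "Label: value" output shown for a single policy can be checked against a site baseline once it has been captured to text. The following Python is an added example, not part of the original page or of NetApp's tooling. It assumes that output covering several policies repeats the same block with "Vserver Name" as the first field of each record, and the baseline values (approved cipher suites, maximum IPsec SA lifetime) are assumptions chosen for the example.

```python
# Constructed sample in the "Label: value" layout of the single-policy example.
# Record 1 uses that example's values; record 2's lifetime and enabled flag are made up.
SAMPLE = """\
cluster-1::> security ipsec policy show -instance
Vserver Name: vs_data1
Policy Name: Policy1
Remote IP Subnets: 192.168.20.1/32
Cipher Suite: SUITEB_GCM256
IPsec Security Association Lifetime: 3600
Is Policy Enabled: true
Vserver Name: vs_data2
Policy Name: Policy2
Remote IP Subnets: 20.20.20.20/32
Cipher Suite: SUITE_AESCBC
IPsec Security Association Lifetime: 28800
Is Policy Enabled: false
"""

def parse_policies(text):
    """Return one dict per policy; a 'Vserver Name' line starts a new record (assumed)."""
    records = []
    for line in text.splitlines():
        if "::>" in line:  # CLI prompt line, not a field
            continue
        label, sep, value = line.partition(":")  # first colon only, so IPv6 values survive
        if not sep:  # table rules, entry counts, blank lines
            continue
        if label.strip() == "Vserver Name":
            records.append({})
        if records:
            records[-1][label.strip()] = value.strip()
    return records

def audit(records, approved_suites, max_ipsec_lifetime):
    """Compare each policy with a site baseline; return (vserver, policy, issue) tuples."""
    findings = []
    for r in records:
        who = (r.get("Vserver Name"), r.get("Policy Name"))
        if r.get("Is Policy Enabled") != "true":
            findings.append(who + ("policy is not enabled",))
        if r.get("Cipher Suite") not in approved_suites:
            findings.append(who + (f"cipher suite {r.get('Cipher Suite')} not in baseline",))
        if int(r.get("IPsec Security Association Lifetime", "0")) > max_ipsec_lifetime:
            findings.append(who + ("IPsec SA lifetime exceeds baseline",))
    return findings

# Baseline values are this example's assumptions, not vendor recommendations.
FINDINGS = audit(parse_policies(SAMPLE), {"SUITEB_GCM256"}, 3600)
for finding in FINDINGS:
    print(*finding, sep=" | ")
```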