[Archive] What does 'ID' mean in the items displayed by 'get sa'?

Article ID: KB6996 KB Last Updated: 17 Aug 2010 Version: 3.0
Summary:
What does 'ID' mean in the items displayed by 'get sa'?
Symptoms:
VPN Phase 2 SA; CLI command "get sa". What does "ID" mean in the items displayed by "get sa"?
Solution:

The meaning of the ID value depends on the state of the SA.

When the SA is inactive, the ID value is the VPN id of the gateway. When the SA is active, the ID value is the same as the id of the two paired VPN policies.

Here is an example:

  • The inactive VPN with id 4
  • The two active, paired VPN policies using VPN with id 9

You can see the following with "get sa":

  ID S/D Gateway         Port Algorithm     SPI      Life:sec  kb       Sta PID Link vsys
  4  0< 1.1.1.2          500 esp:3des/sha1 00000000 expire    no limit ina vpn inac
  4  0> 1.1.1.2          500 esp:3des/sha1 00000000 expire    no limit ina vpn inac
  9  0< 1.1.1.2          500 esp:3des/sha1 d13b781d        12 no limit act   1 off
  9  0> 1.1.1.2          500 esp:3des/sha1 013a23fd        12 no limit act   0 off

In the configuration file, you will see:

set vpn "NS500-VPN" id 4 gateway "NS500-GW" replay tunnel idletime 0 proposal "TEST-P2"
set policy id 0 outgoing "10.0.0.0/24" "20.0.0.0/24" "ANY" Tunnel vpn "NS500-VPN" id 9
set policy id 1 incoming "20.0.0.0/24" "10.0.0.0/24" "ANY" Tunnel vpn "NS500-VPN" id 9
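
The lookup described above, as an added example that is not part of the original article: it takes the "get sa" rows and config lines from this page (embedded as constructed input) and resolves each ID to the VPN when the SA is inactive, or to the pair of policies when it is active. The function names and regular expressions are assumptions of this example, and the row layout is assumed to match the output shown here.

```python
import re
from collections import defaultdict

# Constructed inputs: the "get sa" rows and config lines shown in this article.
GET_SA = """\
ID S/D Gateway         Port Algorithm     SPI      Life:sec  kb       Sta PID Link vsys
4  0< 1.1.1.2          500 esp:3des/sha1 00000000 expire    no limit ina vpn inac
4  0> 1.1.1.2          500 esp:3des/sha1 00000000 expire    no limit ina vpn inac
9  0< 1.1.1.2          500 esp:3des/sha1 d13b781d        12 no limit act   1 off
9  0> 1.1.1.2          500 esp:3des/sha1 013a23fd        12 no limit act   0 off
"""
CONFIG = """\
set vpn "NS500-VPN" id 4 gateway "NS500-GW" replay tunnel idletime 0 proposal "TEST-P2"
set policy id 0 outgoing "10.0.0.0/24" "20.0.0.0/24" "ANY" Tunnel vpn "NS500-VPN" id 9
set policy id 1 incoming "20.0.0.0/24" "10.0.0.0/24" "ANY" Tunnel vpn "NS500-VPN" id 9
"""

# ID, S/D marker (< or >), gateway, port, algorithm, SPI, then the Sta token.
SA_ROW = re.compile(r"^\s*(\d+)\s+\d+([<>])\s+(\S+)\s+\d+\s+\S+\s+([0-9a-f]{8})\s.*?\b(ina|act)\b")
VPN_LINE = re.compile(r'^set vpn "([^"]+)" id (\d+)\b')
POLICY_LINE = re.compile(r'^set policy id (\d+) .*\bvpn "[^"]+" id (\d+)\s*$')

def index_config(config):
    """Return ({vpn id: vpn name}, {pair id: [policy ids]}) from config lines."""
    vpns, pairs = {}, defaultdict(list)
    for line in config.splitlines():
        if m := VPN_LINE.match(line):
            vpns[int(m[2])] = m[1]
        elif m := POLICY_LINE.match(line):
            pairs[int(m[2])].append(int(m[1]))
    return vpns, pairs

def resolve_sa_ids(get_sa, config):
    """Return (id, S/D marker, state, kind, reference) for each SA row."""
    vpns, pairs = index_config(config)
    rows = []
    for line in get_sa.splitlines():
        m = SA_ROW.match(line)
        if not m:
            continue  # header or non-SA line
        sa_id, state = int(m[1]), m[5]
        if state == "ina" and sa_id in vpns:       # inactive: ID is the VPN id
            kind, ref = "vpn", vpns[sa_id]
        elif state == "act" and sa_id in pairs:    # active: ID is the policy-pair id
            kind, ref = "policy-pair", tuple(sorted(pairs[sa_id]))
        else:
            kind, ref = "unresolved", None         # ID not found where the state says to look
        rows.append((sa_id, m[2], state, kind, ref))
    return rows
```

A row that comes back as "unresolved" means the ID was not found in the place its state points to, which is a cue to check whether the saved configuration matches the running one.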

Here is the problem or goal:

  • What does "ID" mean in the items displayed by "get sa"?

Problem Environment:

  • VPN Phase 2 SA
  • CLI command "get sa"

Applicable Products:

  • NetScreen-5XP
  • NetScreen-5XT
  • NetScreen-5GT
  • NetScreen-10
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen-500
  • NetScreen-1000
  • NetScreen-5200
  • NetScreen-5400

Applicable ScreenOS:

  • 4.0.0
  • 4.0.0-DIAL
  • 4.0.0-DIAL2
  • 4.0.1
  • 4.0.1-SBR
  • 4.0.2
  • 4.0.3
  • 5.0.0
  • 5.0.0 A/V

