VPN Phase 2 SA, CLI command "get sa": What does "ID" mean in the items displayed by "get sa"?
The meaning of the ID value depends on the state of the SA.
When the SA is inactive, the ID value is the VPN id of the gateway (the id assigned by the "set vpn" command). When the SA is active, the ID value is the id shared by the two pair-up VPN policies (the id at the end of the "set policy ... Tunnel vpn" commands).
Here is an example:
An inactive VPN with id 4
Two active pair-up VPN policies that use this VPN, with id 9
With "get sa" you will see the following:
ID S/D Gateway Port Algorithm SPI Life:sec kb Sta PID Link vsys
4 0< 1.1.1.2 500 esp:3des/sha1 00000000 expire no limit ina vpn inac
4 0> 1.1.1.2 500 esp:3des/sha1 00000000 expire no limit ina vpn inac
9 0< 1.1.1.2 500 esp:3des/sha1 d13b781d 12 no limit act 1 off
9 0> 1.1.1.2 500 esp:3des/sha1 013a23fd 12 no limit act 0 off
In the configuration file, you will see:
set vpn "NS500-VPN" id 4 gateway "NS500-GW" replay tunnel idletime 0 proposal "TEST-P2"
set policy id 0 outgoing "10.0.0.0/24" "20.0.0.0/24" "ANY" Tunnel vpn "NS500-VPN" id 9
set policy id 1 incoming "20.0.0.0/24" "10.0.0.0/24" "ANY" Tunnel vpn "NS500-VPN" id 9
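As an added example (not part of this KB article), the following Python script applies the rule above: it parses the "get sa" rows and the "set vpn" / "set policy" lines, and reports for each SA whether its ID column is a VPN id (inactive) or a policy-pair id (active) and which VPN name it resolves to. The column regex and the embedded sample strings are assumptions based on the example shown here, useful when checking that every active SA maps back to a configured policy pair.

```python
import re
from collections import defaultdict
# Constructed sample input, copied from the KB example above.
GET_SA_OUTPUT = """\
ID S/D Gateway Port Algorithm SPI Life:sec kb Sta PID Link vsys
4 0< 1.1.1.2 500 esp:3des/sha1 00000000 expire no limit ina vpn inac
4 0> 1.1.1.2 500 esp:3des/sha1 00000000 expire no limit ina vpn inac
9 0< 1.1.1.2 500 esp:3des/sha1 d13b781d 12 no limit act 1 off
9 0> 1.1.1.2 500 esp:3des/sha1 013a23fd 12 no limit act 0 off
"""
CONFIG = """\
set vpn "NS500-VPN" id 4 gateway "NS500-GW" replay tunnel idletime 0 proposal "TEST-P2"
set policy id 0 outgoing "10.0.0.0/24" "20.0.0.0/24" "ANY" Tunnel vpn "NS500-VPN" id 9
set policy id 1 incoming "20.0.0.0/24" "10.0.0.0/24" "ANY" Tunnel vpn "NS500-VPN" id 9
"""

# Columns assumed: ID S/D Gateway Port Algorithm SPI Life:sec kb Sta ... ("no limit" is one kb value)
SA_RE = re.compile(r"^(\d+)\s+(\S+)\s+\S+\s+\d+\s+\S+\s+([0-9a-fA-F]{8})\s+\S+\s+(?:no limit|\S+)\s+(\S+)")
VPN_RE = re.compile(r'^set vpn "([^"]+)" id (\d+)\b')
POLICY_RE = re.compile(r'^set policy id (\d+) .*\bTunnel vpn "([^"]+)" id (\d+)\b')

def parse_config(text):
    """Map VPN id -> VPN name, and policy-pair id -> [(policy id, VPN name)]."""
    vpn_by_id, pair_by_id = {}, defaultdict(list)
    for line in text.splitlines():
        if m := VPN_RE.match(line):
            vpn_by_id[int(m.group(2))] = m.group(1)
        elif m := POLICY_RE.match(line):
            pair_by_id[int(m.group(3))].append((int(m.group(1)), m.group(2)))
    return vpn_by_id, pair_by_id

def resolve_sa_ids(sa_text, config_text):
    """Explain each 'get sa' row's ID column using the inactive/active rule from the KB."""
    vpn_by_id, pair_by_id = parse_config(config_text)
    rows = []
    for line in sa_text.splitlines():
        m = SA_RE.match(line)
        if not m: continue  # header line or unparsable row
        sa_id, direction, spi, sta = int(m.group(1)), m.group(2), m.group(3), m.group(4)
        row = {"id": sa_id, "dir": direction, "spi": spi, "status": sta}
        if sta == "act":
            # Active SA: ID is the id shared by the two pair-up tunnel policies.
            pairs = pair_by_id.get(sa_id, [])
            row.update(kind="policy-pair", policies=sorted(p for p, _ in pairs),
                       vpn=pairs[0][1] if pairs else None)
        else:
            # Inactive SA: ID is the VPN id from 'set vpn ... id N'.
            row.update(kind="vpn", policies=[], vpn=vpn_by_id.get(sa_id))
        rows.append(row)
    return rows
```

A row whose "vpn" comes back as None is an SA whose ID does not match any VPN id (inactive) or any policy-pair id (active) in the supplied configuration, which is the mismatch worth investigating.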
Here is the problem or goal:
- What does "ID" mean in the items displayed by "get sa"?
Problem Environment:
- VPN Phase 2 SA
- CLI command "get sa"
Applicable Products:
- NetScreen-5XP
- NetScreen-5XT
- NetScreen-5GT
- NetScreen-10
- NetScreen-25
- NetScreen-50
- NetScreen-100
- NetScreen-204
- NetScreen-208
- NetScreen-500
- NetScreen-1000
- NetScreen-5200
- NetScreen-5400
Applicable ScreenOS:
- 4.0.0
- 4.0.0-DIAL
- 4.0.0-DIAL2
- 4.0.1
- 4.0.1-SBR
- 4.0.2
- 4.0.3
- 5.0.0
- 5.0.0 A/V