<\/span><\/h2>\nFrom the get sa command you can see the status and various details of the Security Assiociations. The section below which is highlighted in bold shows the status of the vpn tunnel (left) and the status of the VPN monitor (right). In this case the VPN tunnel is active and the VPN monitor is dashed out as it isnt enabled.<\/p>\n
netscreen(M)-> get sa | i [peer ip]\r\n00000007<\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [peer ip]\u00a0 500 esp:3des\/md5\u00a0\u00a0zbcA14zz\u00a0 3317 unlim A\/-\u00a0\u00a0\u00a0 22 0\r\n00000007>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [peer ip]\u00a0 500 esp:3des\/md5\u00a0 fbcb64ee\u00a0 3317 unlim A\/-\u00a0\u00a0\u00a0 -1 0<\/pre>\nUsing the SA ID we can confirm additional details of the Phase 2 SA.<\/p>\n
netscreen(M)-> get sa id 0x00000007\r\nindex 49, name Example, peer gateway ip [remote peer]. vsys<Root>\r\nauto key. policy node, tunnel mode, policy id in:<10104> out:<10103> vpngrp:<-1>. sa_list_nxt:<-1>.\r\ntunnel id 662, peer id 52, NSRP Active. Vsd 0\u00a0\u00a0 site-to-site. Local interface is ethernet5 \r\n<[local peer]>.\r\n\u00a0 esp, group 0, a256 encryption, sha1 authentication\r\n\u00a0 autokey, IN active, OUT active\r\n\u00a0 monitor<0>, latency: 0, availability: 0\r\n\u00a0 DF bit: clear\r\n\u00a0 app_sa_flags: 0x2067\r\n\u00a0 proxy id: local 0.0.0.0\/0.0.0.0, remote 0.0.0.0\/0.0.0.0, proto 0, port 0\r\n\u00a0 ike activity timestamp: 590051543\r\nnat-traversal map not available\r\nincoming: SPI 9j32882e, flag 00004000, tunnel info 40000296, pipeline\r\n\u00a0 life 86400 sec, 19761 remain, 0 kb, 0 bytes remain\r\n\u00a0 anti-replay on, last 0xb6840, window 0xffffffff, idle timeout value <0>, idled 0 seconds\r\n\u00a0 next pak sequence number: 0x0\r\noutgoing: SPI 7bz2a942, flag 00000000, tunnel info 40000296, pipeline\r\n\u00a0 life 86400 sec, 19761 remain, 0 kb, 0 bytes remain\r\n\u00a0 anti-replay on, last 0x0, window 0x0, idle timeout value <0>, idled 0 seconds\r\n\u00a0 next pak sequence number: 0x89j9c<\/pre>\n