Monitoring and Troubleshooting
This section contains the sample CLI command output of show commands for the N4/Sx over IPSec feature in both SMF and UPF.
show crypto ikev2-ikesa security-associations summary
I - Initiator
R - Responder
Mgr Lifetime
ID VPN Local IPSec GW:Port Remote IPSec GW:Port State /Remaining
=== === ===================== ===================== ================ ===========
54 2 192.168.170.55 :500 192.168.196.55 :500 AUTH_COMPLETE(I) 86400/16448
1 IKEv2 Security Association found in this context.
show crypto ipsec security-associations summary
+------ SA state: (E) - Established
| (P) - Partially Established
| (N) - No SAs
|
|+----- Rekey/Keepalive: (D) - Rekey Disabled
|| (E) - Rekey Enabled/No Keepalive
|| (K) - Rekey Enabled/Keepalive
||
||+---- Crypto Type: (D) - Dynamic Map
||| (I) - IKEv1 Map
||| (J) - IKEv2 Map
||| (M) - Manual Map
||| (C) - CSCF Map
|||
|||
VVV Map Name Rekeys En Pkts De Pkts
===== === ================================================================== ====== ========== ==========
1 EDJ foo0 0 3496 3496
1 Crypto Map Found.
1 Crypto Map Established.
To validate the IPSec tunnel CLI on the SMF protocol pod and validate the ipsec.yaml file on SMF, see the Interfaces Support > N4 Interface chapter for sample SMI strongSwan configuration.
For the latest strongSwan configurations, see the Ultra Cloud Core Subscriber Microservices Infrastructure Operations Guide.