Chapter 17 IPSec VPN

17.2.6 SA Monitor Commands

This table lists the commands for the SA monitor.

Table 76 sa Commands: SA Monitor

COMMAND
    DESCRIPTION

show sa monitor [{begin <1..1000>} {end <1..1000>} {crypto-map regexp} {policy regexp} {rsort sort_order} {sort sort_order}]
    Displays the current IPSec SAs and the status of each one. You can specify a range of SA entries to display. You can also control the sort order of the display and search by VPN connection or (local or remote) policy.

    regexp: A keyword or regular expression. Use up to 30 alphanumeric and _+-.()!$*^:?{}[]<>/ characters.

    A question mark (?) lets a single character in the VPN connection or policy name vary. For example, use “a?c” (without the quotation marks) to specify abc, acc and so on.

    Wildcards (*) let multiple VPN connection or policy names match the pattern. For example, use “*abc” (without the quotation marks) to specify any VPN connection or policy name that ends with “abc”. A VPN connection named “testabc” would match. There could be any number (of any type) of characters in front of the “abc” at the end and the VPN connection or policy name would still match. A VPN connection or policy named “testacc”, for example, would not match.

    A * in the middle of a VPN connection or policy name has the ZyWALL check the beginning and end and ignore the middle. For example, with “abc*123”, any VPN connection or policy name starting with “abc” and ending in “123” matches, no matter how many characters are in between.

    The whole VPN connection or policy name has to match if you do not use a question mark or asterisk.

    See Table 70 on page 142 for other parameter descriptions.

show isakmp sa
    Displays the current IKE SAs and the status of each one.

no sa spi spi
    Deletes the SA specified by the SPI.

    spi: 2-8 hexadecimal (0-9, A-F) characters

no sa tunnel-name map_name
    Deletes the specified IPSec SA.

show vpn-counters
    Displays VPN traffic statistics.
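
The ? and * rules described for the regexp parameter above, as an added Python example (not code from this guide or from the ZyWALL firmware): it checks a pattern against the 30-character and allowed-character limits and previews which names it would select. The function names and the sample connection names are constructed; treating every character other than ? and * as a literal, letting * match zero characters, and case-sensitive matching are assumptions the table does not state.

```python
import re

# Characters the table allows in a regexp argument besides alphanumerics.
ALLOWED = set("_+-.()!$*^:?{}[]<>/")
MAX_LEN = 30  # "Use up to 30 ... characters"


def validate(pattern: str) -> None:
    """Reject patterns that break the table's length or character rules."""
    if len(pattern) > MAX_LEN:
        raise ValueError(f"pattern is longer than {MAX_LEN} characters")
    bad = sorted({c for c in pattern
                  if not (c.isascii() and c.isalnum()) and c not in ALLOWED})
    if bad:
        raise ValueError("characters not allowed: " + "".join(bad))


def compile_pattern(pattern: str) -> re.Pattern:
    """Translate '?' and '*' as the table describes.

    Assumption: every other character is matched literally.
    """
    validate(pattern)
    parts = []
    for c in pattern:
        if c == "?":
            parts.append(".")        # exactly one character may vary
        elif c == "*":
            parts.append(".*")       # any number of characters (zero: assumption)
        else:
            parts.append(re.escape(c))
    return re.compile("".join(parts), re.DOTALL)


def matching_names(pattern: str, names: list) -> list:
    """Return the names the pattern selects; the whole name has to match."""
    rx = compile_pattern(pattern)
    return [n for n in names if rx.fullmatch(n)]


# Constructed VPN connection names, not taken from a real device.
SAMPLE_NAMES = ["abc", "acc", "testabc", "testacc", "abc-hq-123", "abc123x"]

if __name__ == "__main__":
    for p in ("a?c", "*abc", "abc*123", "abc"):
        print(f"{p!r:10} -> {matching_names(p, SAMPLE_NAMES)}")
```

Running it prints, for each of the table's example patterns, the constructed names that a crypto-map or policy filter written that way would select.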

 


ZyWALL (ZLD) CLI Reference Guide