Monitoring and Troubleshooting

This section contains the sample CLI command output of show commands for the N4/Sx over IPSec feature in both SMF and UPF.

show crypto ikev2-ikesa security-associations summary

I - Initiator
  R - Responder
Mgr                                                                  Lifetime
ID  VPN Local IPSec GW:Port   Remote IPSec GW:Port  State            /Remaining
=== === ===================== ===================== ================ ===========
54  2   192.168.170.55 :500   192.168.196.55 :500   AUTH_COMPLETE(I) 86400/16448

1 IKEv2 Security Association found in this context.

show crypto ipsec security-associations summary

+------ SA state:           (E) - Established                             
      |                           (P) - Partially Established                   
      |                           (N) - No SAs                                  
      |                                                                         
      |+----- Rekey/Keepalive:    (D) - Rekey Disabled                          
      ||                          (E) - Rekey Enabled/No Keepalive              
      ||                          (K) - Rekey Enabled/Keepalive                 
      ||                                                                        
      ||+---- Crypto Type:        (D) - Dynamic Map                             
      |||                         (I) - IKEv1 Map                               
      |||                         (J) - IKEv2 Map                               
      |||                         (M) - Manual Map                              
      |||                         (C) - CSCF Map                                
      |||                                                                       
      |||                                                                       
      VVV           Map Name                                                 Rekeys En Pkts    De Pkts   
===== === ================================================================== ====== ========== ==========
1     EDJ foo0                                                               0      3496       3496      

1 Crypto Map Found.
1 Crypto Map Established.

To validate the IPSec tunnel CLI on the SMF protocol pod and validate the ipsec.yaml file on SMF, see the Interfaces Support > N4 Interface chapter for sample SMI strongSwan configuration.

For the latest strongSwan configurations, see the Ultra Cloud Core Subscriber Microservices Infrastructure Operations Guide.