Displaying the number of IPSec tunnels on the USG6000

3

Run the display ipsec sa brief command to display the number of tunnels.

Other related questions:
Displaying the number of IPSec tunnels on the USG9000
Run the display ipsec sa brief command to display the number of tunnels.

Displaying the number of IPSec tunnels on the USG2000
Run the display ipsec sa brief command to display the number of tunnels.

Displaying the number of IPSec tunnels on the USG5000
Run the display ipsec sa brief command to display the number of tunnels.

Number of IPSec tunnels supported by the AR
Hi, I cannot answer this question. For details about product specifications, dial 4008229999.

Configuring IPSec tunnel-based link backup on the USG6000
Configuring IPSec tunnel-based link backup on the USG6000 Tunnel-based link backup applies to a scenario where IPSec tunnels are established between multiple public network egresses at one end and the remote end. The configuration procedure differs only a little bit with the common IPSec configuration procedure. The configuration procedure and roadmap are as follows: 1. Complete basic configurations, including setting IP addresses and assigning interfaces to security zones. 2. Create a tunnel interface and assign the tunnel interface to a security zone. 3. Configure a route (usually a static route) to the Internet on the NGFW. 4. Create an ACL to define the data flow to be protected. 5. Configure the security policy. 6. Configure an IPSec proposal. 7. Configure an IKE proposal. 8. Configure an IKE peer. 9. Configure an IPSec policy. 10. Apply the IPSec policy. Operation steps Here provides only key configurations related to tunneling. For other basic policy configurations, see complete configuration examples. Key configuration steps on USG_A (the end with multiple egresses): 1. Configure a tunnel interface. [NGFW_A] interface tunnel 0 [NGFW_A-tunnel0] tunnel-protocol ipsec [NGFW_A-tunnel0] ip address 10.1.0.2 24 [NGFW_A] firewall zone untrust [NGFW_A-zone-untrust] add interface tunnel 0 [NGFW_A] ip route-static 10.4.0.0 255.255.255.0 tunnel 0 //Configure the route to the peer intranet to pass through the tunnel interface. [NGFW_A] ip route-static 4.4.4.4 32 1.1.1.254 [NGFW_A] ip route-static 4.4.4.4 32 2.2.2.254 [NGFW_A] ip route-static 4.4.4.4 32 3.3.3.254 //Configure equal-cost routes to the peer interface through three egresses. [NGFW_A] acl 3000 [NGFW_A-acl-adv-3000] rule permit ip source 10.3.0.0 0.0.0.255 destination 10.4.0.0 0.0.0.255 [NGFW_A] ipsec proposal tran1 [NGFW_A-ipsec-proposal-tran1] encapsulation-mode tunnel [NGFW_A-ipsec-proposal-tran1] transform esp [NGFW_A-ipsec-proposal-tran1] esp authentication-algorithm sha2-256 [NGFW_A-ipsec-proposal-tran1] esp encryption-algorithm aes [NGFW_A] ike proposal 10 [NGFW_A-ike-proposal-10] quit [NGFW_A] ike peer b [NGFW_A-ike-peer-b]ike-proposal 10 [NGFW_A-ike-peer-b]remote-address 4.4.4.4 [NGFW_A-ike-peer-b]pre-shared-key Test!123 [NGFW_A] ipsec policy map1 10 isakmp [NGFW_A-ipsec-policy-isakmp-map1-10] security acl 3000 [NGFW_A-ipsec-policy-isakmp-map1-10] proposal tran1 [NGFW_A-ipsec-policy-isakmp-map1-10] ike-peer b [NGFW_A-ipsec-policy-isakmp-map1-10] quit [NGFW_A] interface tunnel 0 Apply IPSec policy map1 to the tunnel interface. [NGFW_A-tunnel0] ipsec policy map1 [NGFW_A-tunnel0] quit Configure NGFW_B. [NGFW_B] ip route-static 10.3.0.0 255.255.255.0 4.4.4.254 [NGFW_B] ip route-static 10.1.0.2 255.255.255.255 4.4.4.254 [NGFW_B] acl 3000 [NGFW_B-acl-adv-3000] rule permit ip source 10.4.0.0 0.0.0.255 destination 10.3.0.0 0.0.0.255 [NGFW_B-acl-adv-3000] quit [NGFW_B] ipsec proposal tran1 [NGFW_B-ipsec-proposal-tran1] encapsulation-mode tunnel [NGFW_B-ipsec-proposal-tran1] transform esp [NGFW_B-ipsec-proposal-tran1] esp authentication-algorithm sha2-256 [NGFW_B-ipsec-proposal-tran1] esp encryption-algorithm aes [NGFW_B-ipsec-proposal-tran1] quit [NGFW_B] ike proposal 10 [NGFW_B-ike-proposal-10] quit [NGFW_B] ike peer a [NGFW_B-ike-peer-a] ike-proposal 10 [NGFW_B-ike-peer-a] remote-address 10.1.0.2 [NGFW_B-ike-peer-a] pre-shared-key Test!123 [NGFW_B-ike-peer-a] quit [NGFW_B] ipsec policy map1 10 isakmp [NGFW_B-ipsec-policy-isakmp-map1-10] security acl 3000 [NGFW_B-ipsec-policy-isakmp-map1-10] proposal tran1 [NGFW_B-ipsec-policy-isakmp-map1-10] ike-peer a [NGFW_B-ipsec-policy-isakmp-map1-10] quit [NGFW_B] interface GigabitEthernet 1/0/1 [NGFW_B-GigabitEthernet1/0/1] ipsec policy map1

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top