ONTAP 9.12.1 commands

  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security ipsec policy show

    Display IPsec policies

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The security ipsec policy show command displays information about configured IPsec policies. All parameters are optional. This command is supported only when IPsec is enabled.

    Running the command with the -vserver parameter displays all policies associated with the specified vserver.

    You can specify additional parameters to display only information that matches those parameters. For example, to display policies associated with a certain local IP subnet, run the command with the -local-ip-subnets parameter.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>,…​ parameter, the command displays only the specified fields. Note that key fields are always displayed.

    | [-instance ] }

    If you specify the -instance parameter, the command displays all fields of the policies.

    [-vserver <vserver name>] - Vserver

    If you specify this parameter, only policies associated with this Vserver will be displayed.

    [-name <text>] - Policy Name

    This parameter specifies the policy to be displayed.

    [-local-ip-subnets <IP Address/Mask>,…​] - Local IP Subnets

    If you specify this parameter, information about local-ip-subnets will be displayed.

    [-remote-ip-subnets <IP Address/Mask>,…​] - Remote IP Subnets

    If you specify this parameter, information about remote-ip-subnets will be displayed.

    [-local-ports {<Number>|<StartingNumber>-<EndingNumber>}] - Local Ports

    If you specify this parameter, information about local-ports will be displayed.

    [-remote-ports {<Number>|<StartingNumber>-<EndingNumber>}] - Remote Ports

    If you specify this parameter, information about remote-ports will be displayed.

    [-protocols {<Protocol Number>|<Protocol Name>}] - Protocols

    If you specify this parameter, information about protocols will be displayed.

    [-action <IPsec Action Type>] - Action

    If you specify this parameter, information about action will be displayed.

    [-cipher-suite <Cipher Suite Type>] - Cipher Suite

    If you specify this parameter, information about cipher-suite will be displayed.

    [-ike-lifetime <integer>] - IKE Security Association Lifetime

    If you specify this parameter, information about ike-lifetime will be displayed.

    [-ipsec-lifetime <integer>] - IPsec Security Association Lifetime

    If you specify this parameter, information about ipsec-lifetime will be displayed.

    [-ipsec-lifetime-bytes <integer>] - IPsec Security Association Lifetime (bytes)

    If you specify this parameter, information about ipsec-lifetime-bytes will be displayed.

    [-is-enabled {true|false}] - Is Policy Enabled

    If you specify this parameter, information about is-enabled will be displayed.

    [-local-identity <text>] - Local Identity

    If you specify this parameter, information about local IKE endpoint’s identity, if configured, will be displayed.

    [-remote-identity <text>] - Remote Identity

    If you specify this parameter, information about remote IKE endpoint’s identity, if configured, will be displayed.

    [-auth-method <IKE Authentication Method>] - Authentication Method

    If you specify this parameter, the authentication method of the policy will be displayed.

    [-cert-name <text>] - Certificate for Local Identity

    If you specify this parameter, the name of the certificate will be displayed.

    Examples

    This example displays all policies in all Vservers:

    cluster-1::> security ipsec policy show
            Policy                                           Cipher
    Vserver Name       Local IP Subnet    Remote IP Subnet   Suite          Action
    ------- ---------- ------------------ ------------------ -------------- -------
    vs_data1
            Policy1    192.168.10.1/32    192.168.20.1/32    SUITEB_GCM256  ESP_TRA
            Policy3    192.158.10.10/32   192.158.10.20/32   SUITEB_GCM256  DISCARD
    vs_data2
            Policy2    10.10.10.10/32     20.20.20.20/32     SUITE_AESCBC   ESP_TRA
    3 entries were displayed.

    This example displays all of the IPsec policies from a single Vserver:

    cluster-1::> security ipsec policy show -vserver vs_data1
            Policy                                           Cipher
    Vserver Name       Local IP Subnet    Remote IP Subnet   Suite          Action
    ------- ---------- ------------------ ------------------ -------------- -------
    vs_data1
            Policy1    192.168.10.1/32    192.168.20.1/32    SUITEB_GCM256  ESP_TRA
            Policy3    192.158.10.10/32   192.158.10.20/32   SUITEB_GCM256  DISCARD
    2 entries were displayed.

    This example displays a specific policy:

    cluster-1::> security ipsec policy show -vserver vs_data1 -name Policy1
                                   Vserver Name: vs_data1
                                    Policy Name: Policy1
                               Local IP Subnets: 192.168.10.1/32
                              Remote IP Subnets: 192.168.20.1/32
                                    Local Ports: 0-0
                                   Remote Ports: 0-0
                                      Protocols: any
                                         Action: ESP_TRA
                                   Cipher Suite: SUITEB_GCM256
              IKE Security Association Lifetime: 10800
            IPsec Security Association Lifetime: 3600
    IPsec Security Association Lifetime (bytes): 0
                              Is Policy Enabled: true
                                 Local Identity:
                                Remote Identity:

    This example displays a specific field from all policies:

    cluster-1::> security ipsec policy show -fields local-ip-subnets
    vserver  name    local-ip-subnets
    -------- ------- ----------------
    vs_data1 Policy1 192.168.10.1/32
    vs_data1 Policy3 192.158.10.10/32
    vs_data2
             Policy2 10.10.10.10/32
    3 entries were displayed.
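
The default table output groups policies under a Vserver line, which makes it awkward to review by eye across many Vservers. The following is an added example, not part of the ONTAP documentation: it parses that table and lists policies that deviate from a site baseline. The baseline values (`ALLOWED_SUITES`, `EXPECTED_ACTION`) and the function names are assumptions chosen for illustration, and the sample text is copied from the first example above.

```python
import re

# Constructed sample: the table printed by the first example on this page.
SAMPLE = """\
        Policy                                           Cipher
Vserver Name       Local IP Subnet    Remote IP Subnet   Suite          Action
------- ---------- ------------------ ------------------ -------------- -------
vs_data1
        Policy1    192.168.10.1/32    192.168.20.1/32    SUITEB_GCM256  ESP_TRA
        Policy3    192.158.10.10/32   192.158.10.20/32   SUITEB_GCM256  DISCARD
vs_data2
        Policy2    10.10.10.10/32     20.20.20.20/32     SUITE_AESCBC   ESP_TRA
3 entries were displayed.
"""

FIELDS = ("name", "local_subnet", "remote_subnet", "cipher_suite", "action")

# Assumed site baseline (hypothetical): adjust to your own policy standard.
ALLOWED_SUITES = {"SUITEB_GCM256"}
EXPECTED_ACTION = "ESP_TRA"  # compared as displayed in the table column

def parse_policy_table(text):
    """Return one dict per policy row, carrying the Vserver from its group line."""
    policies, vserver, in_body = [], None, False
    for line in text.splitlines():
        if not in_body:
            # Everything up to and including the dashed separator is header.
            in_body = bool(re.fullmatch(r"[-\s]+", line)) and "-" in line
            continue
        if not line.strip() or re.search(r"entr(y|ies) (was|were) displayed", line):
            continue
        cols = line.split()
        if not line[0].isspace():
            # Unindented line starts a new Vserver group; it may also hold a row.
            vserver, cols = cols[0], cols[1:]
            if not cols:
                continue
        if vserver is None or len(cols) != len(FIELDS):
            raise ValueError(f"unrecognised row: {line!r}")
        policies.append({"vserver": vserver, **dict(zip(FIELDS, cols))})
    return policies

def audit(policies, allowed_suites=ALLOWED_SUITES, expected_action=EXPECTED_ACTION):
    """Return (vserver, policy, finding) tuples for rows that differ from the baseline."""
    findings = []
    for p in policies:
        if p["cipher_suite"] not in allowed_suites:
            findings.append((p["vserver"], p["name"], f"cipher suite {p['cipher_suite']}"))
        if p["action"] != expected_action:
            findings.append((p["vserver"], p["name"], f"action {p['action']}"))
    return findings
```

A finding is a prompt for review rather than an error: a DISCARD policy, for example, may be intentional.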