PART 3
Administration
• Operational Commands
Copyright © 2016, Juniper Networks, Inc.
IKE and ESP ALG Feature Guide for Security Devices
CHAPTER 4
Operational Commands
• clear security alg ike-esp-nat
• show security alg ike-esp-nat summary
clear security alg ike-esp-nat

Supported Platforms: J Series, SRX Series
Syntax: clear security alg ike-esp-nat
Release Information: Command introduced in Junos OS Release 10.2.
Description: Clear state information about Application Layer Gateway (ALG) for IKE and ESP.
Required Privilege Level: clear
Related Documentation:
• show security alg ike-esp-nat summary
List of Sample Output: clear security alg ike-esp-nat
Output Fields: This command produces no output.

Sample Output: clear security alg ike-esp-nat

user@host> clear security alg ike-esp-nat
10 active IKE-ESP alg state cleared
show security alg ike-esp-nat summary

Supported Platforms: J Series, SRX Series
Syntax: show security alg ike-esp-nat summary
Release Information: Command introduced in Junos OS Release 10.2.
Description: Display a summary of Application Layer Gateway (ALG) information for IKE and ESP.
Required Privilege Level: view
Related Documentation:
• clear security alg ike-esp-nat
List of Sample Output: show security alg ike-esp-nat summary

Sample Output: show security alg ike-esp-nat summary

user@host> show security alg ike-esp-nat summary
Initiator cookie: d5732d9b4114de1a
Responder cookie: 4776fe31164ef
Session-ID: 13
ALG state : 1
Timeout: 6292
Used IKE cookies: 0
Maximum IKE cookies: 2400
show security zones

Supported Platforms: J Series, LN Series, SRX Series
Syntax: show security zones <detail | terse> <zone-name>
Release Information: Command introduced in Junos OS Release 8.5. The Description output field added in Junos OS Release 12.1.
Description: Display information about security zones.
Options:
• none—Display information about all zones.
• detail | terse—(Optional) Display the specified level of output.
• zone-name—(Optional) Display information about the specified zone.
Required Privilege Level: view
Related Documentation:
• Ethernet Port Switching Feature Guide for Security Devices
• Layer 2 Bridging and Transparent Mode Feature Guide for Security Devices
• security-zone
• Security Zones and Interfaces Feature Guide for Security Devices
• Junos OS Logical Systems Library for Security Devices
List of Sample Output: show security zones terse
Output Fields
Table 3 lists the output fields for the show security zones command. Output fields are listed in the approximate order in which they appear.
Table 3: show security zones Output Fields

Field Name            Field Description
Security zone         Name of the security zone.
Description           Description of the security zone.
Policy configurable   Whether the policy can be configured or not.
Interfaces bound      Number of interfaces in the zone.
Interfaces            List of the interfaces in the zone.
Zone                  Name of the zone.
Type                  Type of the zone.

Sample Output: show security zones

user@host> show security zones
Functional zone: management
Description: This is the management zone.
Policy configurable: No
Interfaces bound: 1
Interfaces:
ge-0/0/0.0
Security zone: Host
Description: This is the host zone.
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
fxp0.0
Security zone: abc
Description: This is the abc zone.
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
ge-0/0/1.0
Security zone: def
Description: This is the def zone.
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
ge-0/0/2.0

Sample Output: show security zones abc

user@host> show security zones abc
Security zone: abc
Description: This is the abc zone.
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
ge-0/0/1.0

Sample Output: show security zones abc detail

user@host> show security zones abc detail
Security zone: abc
Description: This is the abc zone.
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
ge-0/0/1.0

Sample Output: show security zones terse

user@host> show security zones terse
Zone                  Type
my-internal           Security
my-external           Security
dmz                   Security
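
The default and detail layouts shown in the samples above can be parsed for a zone audit. The following is an added example, not part of the Juniper guide: it reads captured show security zones text and flags zones with no interfaces bound or an "Interfaces bound" count that disagrees with the listed interfaces. The names SAMPLE, parse_zones, and audit are hypothetical, and the capture is constructed.

```python
import re

# Constructed capture in the layout of the sample output above; "abc" is
# deliberately cut short (2 interfaces bound, 1 listed). Not from a real device.
SAMPLE = """\
user@host> show security zones
Functional zone: management
Interfaces bound: 1
Interfaces:
ge-0/0/0.0
Security zone: abc
Description: This is the abc zone.
Send reset for non-SYN session TCP packets: Off
Interfaces bound: 2
Interfaces:
ge-0/0/1.0
Security zone: junos-host
Interfaces bound: 0
Interfaces:
"""
ZONE = re.compile(r"^(Functional|Security) zone:\s*(\S+)$")

def parse_zones(text):
    """Return one dict per zone: kind, name, fields, interfaces."""
    zones, in_list = [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ZONE.match(line)
        if m:
            zones.append(dict(kind=m[1], name=m[2], fields={}, interfaces=[]))
            in_list = False
        elif not zones or not line:
            continue  # prompt, blank line, or text before the first zone
        elif line == "Interfaces:":
            in_list = True  # lines up to the next zone header are interface names
        elif in_list:
            zones[-1]["interfaces"].append(line)
        else:
            key, _, value = line.partition(":")
            zones[-1]["fields"][key.strip()] = value.strip()
    return zones

def audit(zones):
    """Flag truncated interface lists and zones with nothing bound."""
    findings = []
    for z in zones:
        bound = int(z["fields"].get("Interfaces bound", "-1"))
        if bound != len(z["interfaces"]):
            findings.append((z["name"], "bound count differs from interface list"))
        elif bound == 0:
            findings.append((z["name"], "no interfaces bound"))
    return findings
```

The terse layout is a two-column table and is not handled by this parser.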
show security zones type

Supported Platforms: J Series, LN Series, SRX Series
Syntax: show security zones type (functional | security) <detail | terse>
Release Information: Command introduced in Junos OS Release 8.5. The Description output field added in Junos OS Release 12.1.
Description: Display information about security zones of the specified type.
Options:
• functional—Display functional zones.
• security—Display security zones.
• detail | terse—(Optional) Display the specified level of output.
Required Privilege Level: view
Related Documentation:
• security-zone
• Security Zones and Interfaces Feature Guide for Security Devices
List of Sample Output
Output Fields
Table 4 lists the output fields for the show security zones type command. Output fields are listed in the approximate order in which they appear.
Table 4: show security zones type Output Fields

Field Name            Field Description
Security zone         Zone name.
Description           Description of the security zone.
Policy configurable   Whether the policy can be configured or not.
Interfaces bound      Number of interfaces in the zone.
Interfaces            List of the interfaces in the zone.
Zone                  Name of the zone.
Type                  Type of the zone.

Sample Output: show security zones type functional

user@host> show security zones type functional
Functional zone: management
Description: management zone
Policy configurable: No
Interfaces bound: 0
Interfaces:

Sample Output: show security zones type security

user@host> show security zones type security
Security zone: trust
Description: trust zone
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
ge-0/0/0.0
Security zone: untrust
Description: untrust zone
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
ge-0/0/1.0
Security zone: junos-host
Description: junos-host zone
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 0
Interfaces:

Sample Output: show security zones type security terse

user@host> show security zones type security terse
Zone                  Type
trust                 Security
untrust               Security
junos-host            Security

Sample Output: show security zones type security detail

user@host> show security zones type security detail
Security zone: trust
Description: trust zone
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
ge-0/0/0.0
Security zone: untrust
Description: untrust zone
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
ge-0/0/1.0
Security zone: junos-host
Description: junos-host zone
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 0
Interfaces: