show vpn

Purpose

Displays VPN configuration settings. Keywords allow for displaying all VPN settings or specified groups of settings.

Required permissions

On Digi products with two or more users, this command displays current device settings only if permissions for the set vpn command are set to read or read/write, using the set permissions s-vpn=read or set permissions s-vpn=rw commands. See set permissions for details on setting user permissions for commands.

Syntax

Show all VPN configuration settings

show vpn all

Show VPN global settings

show vpn global

Show VPN tunnel settings

show vpn tunnel [tunnel=1-5]
[name=tunnel name]
[verbose={on|off}]

Show VPN IKE/ISAKMP SA Phase 1 options for tunnels

show vpn phase1 [tunnel=1-5]
[name=tunnel name]
[verbose={on|off}]

Show VPN IKE/ISAKMP SA Phase 2 options for tunnels

show vpn phase2 [tunnel=1-5]
[name=tunnel name]
[proposal=1-8]
[verbose={on|off}]

Show the network interface used to communicate with the remote VPN device

show vpn interface

Options

tunnel=1-5

Selects the VPN tunnel by number.

name=tunnel name

Selects the VPN tunnel by name.

verbose={on|off}

If set to on, a detailed list of settings will be displayed. If set to off, a short summary of the tunnel settings is displayed.

proposal=1-8

The index number assigned to the security proposal.

Examples

Display VPN tunnel configuration summary

This example shows how to display a summary of VPN tunnel configuration:

#> show vpn tunnel tunnel=1 verbose=off

 VPN Tunnel Configuration :

#  name              remote endpoint  remote tunnel       local tunnel
-  ----------------  ---------------  ------------------  -----------------
1  Tunnel 1          75.75.75.75      192.168.1.0/24      172.16.1.0/24

Display detailed VPN tunnel configuration settings

This example shows how to display the detailed list of configuration settings for a tunnel:

#> show vpn tunnel tunnel=1 verbose=on

 VPN Tunnel #1 Configuration :

    General Settings :

       name                : Tunnel 1
       mode                : isakmp
       autostart           : disabled
       host mode           : disabled
       remote peer address : 75.75.75.75
       remote peer ID      :
       interface           : mobile0
       local peer ID       : walter@digi.com
    Tunnel Settings :

       remote side         : ipv4subnet 192.168.1.0 - 255.255.255.0
       local side          : ipv4subnet 172.16.1.0 - 255.255.255.0
    ISAKMP Settings:

        Client              : enabled
        Server              : enabled
        NAT Traversal       : enabled
        NAT-T KA Interval   : 20
        Aggressive mode     : enabled
        PFS                 : enabled
        Phase 1 DH Group    : set in each phase 1 proposal
        Phase 2 DH Group    : 2 (1024-bit)
    ISAKMP Phase 1 Settings:

       index#  encryption/size  authentication
       ------  ---------------  --------------
       1       3des/0           md5
    Phase 2 Settings :

       index#  state     encryption  authentication
       ------  --------  ----------  --------------
       1       enabled   3des        md5
       2       disabled  des         md5
       3       disabled  des         md5
       4       disabled  des         md5
       5       disabled  des         md5
       6       disabled  des         md5
       7       disabled  des         md5
       8       disabled  des         md5
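
The verbose output above lists each tunnel's ISAKMP options and proposals. The following added example, which is not part of the Digi documentation, parses that output and reports the settings an auditor would question. The policy values (WEAK_ENC, WEAK_AUTH, MIN_DH_BITS) and the function name audit are assumptions of this example, and the sample is a constructed excerpt of the output shown above.

```python
import re

# Constructed sample: excerpt of the verbose output shown on this page.
SAMPLE = """\
        Aggressive mode     : enabled
        PFS                 : enabled
        Phase 1 DH Group    : set in each phase 1 proposal
        Phase 2 DH Group    : 2 (1024-bit)
    ISAKMP Phase 1 Settings:
       index#  encryption/size  authentication
       1       3des/0           md5
Phase 2 Settings :
       index#  state     encryption  authentication
       1       enabled   3des        md5
       2       disabled  des         md5
"""

# Assumed audit policy for this example (not taken from Digi documentation).
WEAK_ENC, WEAK_AUTH, MIN_DH_BITS = {"des", "3des"}, {"md5"}, 2048

def audit(text):
    """Return (section, proposal index, issue) tuples for one tunnel's output."""
    findings, section = [], None
    for raw in text.splitlines():
        s = raw.strip()
        hdr = re.match(r"(?:ISAKMP )?Phase ([12]) Settings\s*:", s)
        if hdr:                                   # start of a proposal table
            section = "phase" + hdr.group(1)
            continue
        cols = s.split()
        if section and len(cols) >= 3 and cols[0].isdigit():
            if section == "phase2" and cols[1] != "enabled":
                continue                          # skip proposals listed as disabled
            enc, auth = cols[-2].split("/")[0], cols[-1]
            if enc in WEAK_ENC:
                findings.append((section, cols[0], "weak encryption " + enc))
            if auth in WEAK_AUTH:
                findings.append((section, cols[0], "weak authentication " + auth))
            continue
        kv = re.match(r"(.+?)\s*:\s*(.*)$", s)    # "key : value" setting lines
        key, val = (kv.group(1).lower(), kv.group(2)) if kv else ("", "")
        bits = re.search(r"\((\d+)-bit\)", val)
        if (key, val) == ("aggressive mode", "enabled"):
            findings.append(("isakmp", "-", "aggressive mode enabled"))
        elif (key, val) == ("pfs", "disabled"):
            findings.append(("isakmp", "-", "PFS disabled"))
        elif key.endswith("dh group") and bits and int(bits.group(1)) < MIN_DH_BITS:
            findings.append(("isakmp", "-", f"{key}: {bits.group(1)}-bit"))
    return findings
```

Pass the captured output of show vpn tunnel with verbose=on for one tunnel to audit(); Phase 2 proposals whose state is disabled are not reported.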

See also