The diagnose ipsec peer command diagnoses IPSec negotiation with a specified remote IP address.
diagnose ipsec peer [ vpn-instance vpn-instance-name ] [ remote-ipv4 | remote-ipv6 ] [ timeout timeout ]
| Parameter | Description | Value |
|---|---|---|
remote-ipv4 |
Specifies the remote IPv4 address of an IPSec tunnel. |
The value is in dotted decimal notation. |
remote-ipv6 |
Specifies the remote IPv6 address of an IPSec tunnel. |
The value is in colon hexadecimal notation. |
vpn-instance vpn-instance-name |
Specifies the vpn-instance name. |
The value must be an existing vpn-instance name. |
timeout timeout |
Specifies the timeout interval of the diagnosis process. |
It is an integer that ranges from 10 to 120, in seconds. The default value is 30. |
Usage Scenario
This command is used on the headquarters to diagnose IPSec faults of the remote gateway. For example, the headquarters establishes IPSec tunnels with multiple branches. If a branch cannot access the headquarters, you can run this command on the device of the headquarters to diagnose the IP address of the interface of the branch.
Precautions
This command can only be configured on the responder.
This command does not apply to the scenario where an IPSec policy or IPSec profile is applied to a tunnel interface.
# Perform an IPSec negotiation diagnosis for the IPSec tunnel with the remote IP address 10.3.3.1.
<sysname> diagnose ipsec peer 10.3.3.1
IPSec diagnosing......
(1).Negotiation Result in Phase 1:The negotiation Result is successful.
(2).Negotiation Result in Phase 2:The negotiation Result is successful.