Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
414
Views
2
Helpful
5
Replies

Cisco SD WAN - IPSec tunnel Up time

RS19
Level 4
Level 4

‎07-23-2024 06:32 PM

In Cisco SD WAN how to check the IPSec tunnel up time. Means I want to know when the IPSec tunnel was established and how long the tunnel is up. 

What are the commands I can use to check it ?

0 Helpful
5 Replies 5

RS19
Level 4
Level 4

‎07-23-2024 07:16 PM

Any help - Inputs

0 Helpful

SamuelGLN
Spotlight
Spotlight

‎07-23-2024 10:49 PM

Hi @RS19 

In Cisco SD-WAN the WAN Edge routers securely communicate to other WAN Edge routers using IPsec tunnels over each transport. BFD protocol is enable by default and runs over each os these tunnels, detecting loss, latency, jitter and path failures.

You can check this using the following command:

vEdge20# show bfd sessions | tab

                                SRC    DST                  SITE                                     DETECT      TX
SRC IP      DST IP       PROTO  PORT   PORT   SYSTEM IP     ID    LOCAL COLOR   COLOR         STATE  MULTIPLIER  INTERVAL  UPTIME      TRANSITIONS
----------------------------------------------------------------------------------------------------------------------------------------------------
10.0.0.20   10.0.0.10    ipsec  12346  12346  192.168.0.10  10    mpls          mpls          up     7           1000      0:00:00:02  0
200.0.0.20  10.0.0.10    ipsec  12346  12346  192.168.0.10  10    biz-internet  mpls          up     7           1000      0:00:00:07  0
10.0.0.20   10.0.0.30    ipsec  12346  12346  192.168.0.30  30    mpls          mpls          up     7           1000      0:00:13:55  0
10.0.0.20   200.0.0.31   ipsec  12346  5062   192.168.0.30  30    mpls          biz-internet  up     7           1000      0:00:13:02  0
200.0.0.20  10.0.0.30    ipsec  12346  12346  192.168.0.30  30    biz-internet  mpls          up     7           1000      0:00:13:04  0
200.0.0.20  200.0.0.31   ipsec  12346  5062   192.168.0.30  30    biz-internet  biz-internet  up     7           1000      0:00:13:39  0

Best regards
******* If This Helps, Please Rate *******

 

0 Helpful

RS19
Level 4
Level 4

‎07-24-2024 12:13 AM

Thanks. Does it means if the bfd is down, it also means IPSec is down ?

0 Helpful

MHM Cisco World
VIP
VIP
In response to RS19

‎07-24-2024 06:28 AM

I already mention this command in your previous post' and sure SDWAN bfd use to detect peer if peer is not reachable then IPsec or GRE will be down.

MHM

SamuelGLN
Spotlight
Spotlight

‎07-24-2024 06:25 AM

Yes, BFD is used inside IPsec tunnels between all WAN Edges.

Best regards
******* If This Helps, Please Rate *******

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card