Cisco SD WAN - IPSec tunnel Up time

RS19
Level 4

In Cisco SD WAN, how do I check the IPSec tunnel uptime? I mean, I want to know when the IPSec tunnel was established and how long the tunnel has been up.

What commands can I use to check it?

5 Replies

RS19
Level 4

Any help - Inputs

SamuelGLN
Spotlight

Hi @RS19 

In Cisco SD-WAN, the WAN Edge routers securely communicate with other WAN Edge routers using IPsec tunnels over each transport. The BFD protocol is enabled by default and runs over each of these tunnels, detecting loss, latency, jitter and path failures.

You can check this using the following command:

vEdge20# show bfd sessions | tab

                                SRC    DST                  SITE                                     DETECT      TX
SRC IP      DST IP       PROTO  PORT   PORT   SYSTEM IP     ID    LOCAL COLOR   COLOR         STATE  MULTIPLIER  INTERVAL  UPTIME      TRANSITIONS
----------------------------------------------------------------------------------------------------------------------------------------------------
10.0.0.20   10.0.0.10    ipsec  12346  12346  192.168.0.10  10    mpls          mpls          up     7           1000      0:00:00:02  0
200.0.0.20  10.0.0.10    ipsec  12346  12346  192.168.0.10  10    biz-internet  mpls          up     7           1000      0:00:00:07  0
10.0.0.20   10.0.0.30    ipsec  12346  12346  192.168.0.30  30    mpls          mpls          up     7           1000      0:00:13:55  0
10.0.0.20   200.0.0.31   ipsec  12346  5062   192.168.0.30  30    mpls          biz-internet  up     7           1000      0:00:13:02  0
200.0.0.20  10.0.0.30    ipsec  12346  12346  192.168.0.30  30    biz-internet  mpls          up     7           1000      0:00:13:04  0
200.0.0.20  200.0.0.31   ipsec  12346  5062   192.168.0.30  30    biz-internet  biz-internet  up     7           1000      0:00:13:39  0

Best regards
******* If This Helps, Please Rate *******
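
Added example, not part of the original reply and not Cisco code: a small Python parser that turns the UPTIME column of the `show bfd sessions | tab` output above into an establishment timestamp per tunnel. It assumes UPTIME is formatted as days:hours:minutes:seconds and that `collected_at` is the time the command was run; the function and field names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: header and three rows taken from the output in the reply above.
SAMPLE = """\
SRC IP      DST IP       PROTO  PORT   PORT   SYSTEM IP     ID    LOCAL COLOR   COLOR         STATE  MULTIPLIER  INTERVAL  UPTIME      TRANSITIONS
----------------------------------------------------------------------------------------------------------------------------------------------------
10.0.0.20   10.0.0.10    ipsec  12346  12346  192.168.0.10  10    mpls          mpls          up     7           1000      0:00:00:02  0
10.0.0.20   10.0.0.30    ipsec  12346  12346  192.168.0.30  30    mpls          mpls          up     7           1000      0:00:13:55  0
10.0.0.20   200.0.0.31   ipsec  12346  5062   192.168.0.30  30    mpls          biz-internet  up     7           1000      0:00:13:02  0
"""

# Hypothetical field names, one per column of a data row.
FIELDS = ("src_ip", "dst_ip", "proto", "src_port", "dst_port", "system_ip", "site_id",
          "local_color", "remote_color", "state", "multiplier", "tx_interval",
          "uptime", "transitions")

def parse_uptime(text):
    """Assumption: UPTIME is days:hours:minutes:seconds; anything else yields None."""
    m = re.fullmatch(r"(\d+):(\d{2}):(\d{2}):(\d{2})", text)
    if not m:
        return None
    days, hours, minutes, seconds = map(int, m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def parse_bfd_sessions(output, collected_at):
    """Return one dict per session row; header and separator lines are skipped."""
    sessions = []
    for line in output.splitlines():
        cols = line.split()
        # Data rows have exactly 14 columns and a tunnel protocol in column 3.
        if len(cols) != len(FIELDS) or cols[2] not in ("ipsec", "gre"):
            continue
        row = dict(zip(FIELDS, cols))
        row["transitions"] = int(row["transitions"])
        up = parse_uptime(row["uptime"]) if row["state"] == "up" else None
        row["uptime"] = up
        # Establishment time = collection time minus uptime (None if not up).
        row["established"] = collected_at - up if up is not None else None
        sessions.append(row)
    return sessions

if __name__ == "__main__":
    now = datetime.now(timezone.utc)  # should be the time the command was run
    for s in parse_bfd_sessions(SAMPLE, now):
        print(s["system_ip"], s["local_color"], "->", s["remote_color"], s["state"],
              "up for", s["uptime"], "since", s["established"])
```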

 

RS19
Level 4

Thanks. Does it mean that if the BFD is down, IPSec is also down?

I already mentioned this command in your previous post, and sure, SD-WAN BFD is used to detect the peer; if the peer is not reachable then IPsec or GRE will be down.

MHM

SamuelGLN
Spotlight

Yes, BFD is used inside IPsec tunnels between all WAN Edges.

Best regards
******* If This Helps, Please Rate *******