dump servicelink status
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
-
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
-
-
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades
dump servicelink status
Use the dump servicelink status command
to display status of standard VPNs. Information includes the IPsec
profile selected, authentication, Internet Key Exchange (IKE) protocol
details, Encapsulating Security Payload (ESP) details and Dead Peer
Detection (DPD) details.
The output differs based on whether
the standard VPN is up or down. When the VPN is down, the configuration
details are displayed as part of the status.
The output differs
based on the standard VPN protocol—IPsec or GRE. For GRE, interval
and Failure Count information displays only if Keepalives are enabled.
Command
dump servicelink status (all | sldev= | slname=)
Options
| all | Enter all to display status of all the standard VPNs. |
| sldev | Enter the standard VPN number to view status for a standard VPN. |
| slname | Enter the standard VPN interface name to view status for a standard VPN. |
Command Notes
| Role | Super, Read Only, Monitor |
| Related Commands |
|
| Introduced in | Release 4.7.1 |
Example
The output for ZScaler Service
Link (IPSec)
dump servicelink status sldev=sl1 ServiceLink : sl1 Interface : slzscalerthree Description : ID : 16119027917990015 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : IpfixCollectorContextID : IpfixFilterContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 192.168.10.1/24 Parent Interface : 12.34 Parent Device : eth1.34 Service Endpoint : ZScalerthree IPSec Profile : ZSCALER_IKEV1 Authentication Type : psk Local ID Type : custom Local ID : zainab@demo-cloudgenix.com Key Exchange : ikev1 IKE Mode : Aggressive IKE Lifetime : 1 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : modp1024/aes128/sha1, modp1024/aes128/sha256 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : none/none/md5 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 60 Device : sl1 State : up Last Change : 2021-02-03 07:18:51.531 (1m47s ago) Address : 192.168.10.1/24 Route : 0.0.0.0/0 via 192.168.10.1 metric 0 Extended State : tunnel_up IPSec Algo : NULL_HMAC_MD5_96 Ike Algo : AES_CBC_128HMAC_SHA1_96 HostName : qla1-vpn.zscalerthree.net Remote IP : 104.129.198.179 Local IP : 10.9.34.13 IkeNextRekey : 2021-02-03 08:16:15.707023365 +0000 UTC IPsecNextRekey : 2021-02-03 08:09:12.707022419 +0000 UTC Peer configured on service endpoint Service endpoint name: ZScalerthree Order of connection Try:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| IP Address | Hostname | Reachable | Latency(ms) | Last Liveliness Failed | Last TunnelBringup Failed | Hold Time | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 104.129.202.10 | sjc4-vpn.zscalerthree.net | Yes | 2 | | 2021-02-03 07:17:49 | || 104.129.198.179 | qla1-vpn.zscalerthree.net | Yes | 10 | | | || 165.225.50.22 | sea1-vpn.zscalerthree.net | Yes | 20 | | | || 165.225.216.38 | dfw1-2-vpn.zscalerthree.net | Yes | 39 | | | || 165.225.34.44 | dfw1-vpn.zscalerthree.net | Yes | 40 | | | || 165.225.0.165 | chi1-vpn.zscalerthree.net | Yes | 50 | | | || 165.225.208.38 | yto3-vpn.zscalerthree.net | Yes | 64 | | | || 165.225.38.52 | nyc3-vpn.zscalerthree.net | Yes | 73 | | | || 165.225.48.10 | was1-vpn.zscalerthree.net | Yes | 78 | | | || 165.225.8.35 | was1-2-vpn.zscalerthree.net | Yes | 80 | | | || 165.225.110.24 | tyo4-vpn.zscalerthree.net | Yes | 106 | | | || 165.225.16.38 | lon3-vpn.zscalerthree.net | Yes | 133 | | | || 165.225.28.14 | ams2-vpn.zscalerthree.net | Yes | 137 | | | || 165.225.192.29 | sto3-vpn.zscalerthree.net | Yes | 138 | | | || 165.225.196.35 | Man1-vpn.zscalerthree.net | Yes | 143 | | | || 165.225.94.38 | zrh1-vpn.zscalerthree.net | Yes | 151 | | | || 165.225.86.39 | mil2-vpn.zscalerthree.net | Yes | 154 | | | || 165.225.92.35 | Mad3-vpn.zscalerthree.net | Yes | 155 | | | || 165.225.114.24 | syd3-vpn.zscalerthree.net | Yes | 167 | | | || 213.52.102.19 | osl2-vpn.zscalerthree.net | Yes | 168 | | | || 165.225.112.24 | sin4-vpn.zscalerthree.net | Yes | 172 | | | || 165.225.214.39 | sao2-2-vpn.zscalerthree.net | Yes | 188 | | | || 94.188.131.35 | tlv1-vpn.zscalerthree.net | Yes | 207 | | | || 154.113.23.33 | los2-vpn.zscalerthree.net | Yes | 227 | | | || 165.225.106.39 | bom4-vpn.zscalerthree.net | Yes | 244 | | | || 165.225.104.28 | maa1-vpn.zscalerthree.net | Yes | 265 | | | || 165.225.84.39 | waw1-vpn.zscalerthree.net | No | NA | | | || 211.144.19.18 | bjs1-vpn.zscalerthree.net | No | NA | | | |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Liveliness probe status--------------------------------------------------------------- Type : http Url : http://gateway.zscalerthree.net/vpntest Status : true Latency(ms) : 95 Last updated : 2021-02-03T07:18:50 Type : icmp Ipv4 : 8.8.8.8 Status : true Latency(ms) : 12 Last updated : 2021-02-03T07:18:49
The output for
Prisma Access Service Link (IPSec)
Public-BLR-Branch3K# dump servicelink status slname=AUTO-PRISMA_IPSEC-Tunnel_us-east-1_6 ServiceLink : sl2 Interface : AUTO-PRISMA_IPSEC-Tunnel_us-east-1_6 Description : Prisma Access info on Panorama: Remote Onboarding: AUTO-CGX_remotenet-2 IPSEC Tunnel: AUTO-CGX_ipsec_tn-2-A IKE Gateway: AUTO-CGX_ike_gw-2-c6ab50f Prisma License: FWAAS-AGGREGATE ID : 16124203058570004 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 172.16.0.2/31 Parent Interface : 6 Parent Device : eth6 Peer : 208.127.66.98 Service Endpoint : Prisma US East (us-east-1) IPSec Profile : AUTO-PRISMA_IPSEC-Profile Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel@mycompany.com Key Exchange : ikev2 IKE Reauth : no IKE Lifetime : 8 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : ecp384/aes256/sha512 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : ecp384/aes256/sha512 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 30 Authentication Override Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel.2@mycompany.com Device : sl2 State : up Last Change : 2021-02-04 15:19:43.502 (11h36m2s ago) Address : 172.16.0.2/31 Route : 0.0.0.0/0 via 172.16.0.2 metric 0 Extended State : tunnel_up IPSec Algo : AES_CBC_256_HMAC_SHA2_512_256 Ike Algo : AES_CBC_256HMAC_SHA2_512_256 Remote IP : 208.127.66.98 Local IP : 10.64.9.252 IkeLastRekeyed : 2021-02-04 22:48:20.744106061 +0000 UTC IkeNextRekey : 2021-02-05 06:29:03.744106976 +0000 UTC IPsecLastRekeyed: 2021-02-05 02:07:43.850020484 +0000 UTC IPsecNextRekey : 2021-02-05 02:56:04.850022436 +0000 UTC Peer configured on interface Ipv4Addr: 208.127.66.98 --------------------------------------------------------------- Liveliness probe status --------------------------------------------------------------- Type : icmp Ipv4 : 192.168.220.254 Status : true Latency : 251 Last updated : 2021-02-04T15:19:42
Output for DC-DC Interconnectivity
dump servicelink status sldev=sl1 ServiceLink : sl1 Interface : ToDC Description : To Hub2 ID : 1703221347301010628 Type : service_link (ipsec) Admin State : up Alarms : enabled Auth Type : none NetworkContextID : VRFContextID : 1692629914880022528 Vni : 0 VRF Name : Global IpfixCollectorContextID : IpfixFilterContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : a.b.1.1/24 IPv6 : No configuration Parent Interface : 1 Parent Device : eth1 Peer : p.q.27.38 IPSec Profile : DC-DC Authentication Type : psk Local ID Type : local_ip Key Exchange : ikev1 IKE Mode : Main IKE Lifetime : 24 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : modp1536/aes256/sha256, modp2048/aes128/sha256, ecp384/aes128/sha256 ESP Lifetime : 8 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : modp1536/aes256/sha256, modp1024/aes128/sha256 DPD Enabled : yes DPD Delay : 1 DPD Timeout : 5 Passive Mode : disabled Authentication Override Authentication Type : psk Remote ID : hub2@test.com Local ID Type : custom Local ID : hub1@test.com Device : sl1 State : up Last Change : 2024-05-08 08:48:56.739 (19h58m5s ago) Address : a.b.1.1/24 VRF Context ID : 1692629914880022528 VRF Name : Global Vni : 0 Extended State : tunnel_up IPSec Algo : AES_CBC_256_HMAC_SHA2_256_128 Ike Algo : AES_CBC_256HMAC_SHA2_256_128 Remote IP : p.q.27.38 Local IP : p.q.27.37 IkeNextRekey : 2024-05-09 08:39:55.690634914 +0000 UTC IPsecLastRekeyed: 2024-05-08 23:52:33.342122037 +0000 UTC IPsecNextRekey : 2024-05-09 07:27:08.342127823 +0000 UTC DPDK Controlled : false Passive Mode State : false Peer configured on interface IPv4Addr: p.q.27.38