dump servicelink status
Use the dump servicelink status command
to display status of standard VPNs. Information includes the IPsec
profile selected, authentication, Internet Key Exchange (IKE) protocol
details, Encapsulating Security Payload (ESP) details and Dead Peer
Detection (DPD) details.
The output differs based on whether
the standard VPN is up or down. When the VPN is down, the configuration
details are displayed as part of the status.
The output differs
based on the standard VPN protocol—IPsec or GRE. For GRE, interval
and Failure Count information displays only if Keepalives are enabled.
Command
dump servicelink status (all | sldev= | slname=)
Options
| all | Enter all to display status
of all the standard VPNs. |
| sldev | Enter the standard VPN number to view status
for a standard VPN. |
| slname | Enter the standard VPN interface name to
view status for a standard VPN. |
Command Notes
| Role | Super, Read Only, Monitor |
|
| Introduced in | Release 4.7.1 |
Example
The output for ZScaler Service
Link (IPSec)
dump servicelink status sldev=sl1
ServiceLink : sl1
Interface : slzscalerthree
Description :
ID : 16119027917990015
Type : service_link (ipsec)
Admin State : up
Alarms : enabled
NetworkContextID :
IpfixCollectorContextID :
IpfixFilterContextID :
Scope : local
Directed Broadcast : false
MTU : 1400
IP : static
Address : 192.168.10.1/24
Parent Interface : 12.34
Parent Device : eth1.34
Service Endpoint : ZScalerthree
IPSec Profile : ZSCALER_IKEV1
Authentication Type : psk
Local ID Type : custom
Local ID : zainab@demo-cloudgenix.com
Key Exchange : ikev1
IKE Mode : Aggressive
IKE Lifetime : 1 hours
IKE Remote Port : 500
IKE DH Group/Encryption/Hash : modp1024/aes128/sha1, modp1024/aes128/sha256
ESP Lifetime : 1 hours
ESP Encapsulation : Auto
ESP DH Group/Encryption/Hash : none/none/md5
DPD Enabled : yes
DPD Delay : 10
DPD Timeout : 60
Device : sl1
State : up
Last Change : 2021-02-03 07:18:51.531 (1m47s ago)
Address : 192.168.10.1/24
Route : 0.0.0.0/0 via 192.168.10.1 metric 0
Extended State : tunnel_up
IPSec Algo : NULL_HMAC_MD5_96
Ike Algo : AES_CBC_128HMAC_SHA1_96
HostName : qla1-vpn.zscalerthree.net
Remote IP : 104.129.198.179
Local IP : 10.9.34.13
IkeNextRekey : 2021-02-03 08:16:15.707023365 +0000 UTC
IPsecNextRekey : 2021-02-03 08:09:12.707022419 +0000 UTC
Peer configured on service endpoint Service endpoint name: ZScalerthree
Order of connection Try:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
IP Address | Hostname | Reachable | Latency(ms) | Last Liveliness Failed | Last TunnelBringup Failed | Hold Time |
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
104.129.202.10 | sjc4-vpn.zscalerthree.net | Yes | 2 | | 2021-02-03 07:17:49 | ||
104.129.198.179 | qla1-vpn.zscalerthree.net | Yes | 10 | | | ||
165.225.50.22 | sea1-vpn.zscalerthree.net | Yes | 20 | | | ||
165.225.216.38 | dfw1-2-vpn.zscalerthree.net | Yes | 39 | | | ||
165.225.34.44 | dfw1-vpn.zscalerthree.net | Yes | 40 | | | ||
165.225.0.165 | chi1-vpn.zscalerthree.net | Yes | 50 | | | ||
165.225.208.38 | yto3-vpn.zscalerthree.net | Yes | 64 | | | ||
165.225.38.52 | nyc3-vpn.zscalerthree.net | Yes | 73 | | | ||
165.225.48.10 | was1-vpn.zscalerthree.net | Yes | 78 | | | ||
165.225.8.35 | was1-2-vpn.zscalerthree.net | Yes | 80 | | | ||
165.225.110.24 | tyo4-vpn.zscalerthree.net | Yes | 106 | | | ||
165.225.16.38 | lon3-vpn.zscalerthree.net | Yes | 133 | | | ||
165.225.28.14 | ams2-vpn.zscalerthree.net | Yes | 137 | | | ||
165.225.192.29 | sto3-vpn.zscalerthree.net | Yes | 138 | | | ||
165.225.196.35 | Man1-vpn.zscalerthree.net | Yes | 143 | | | ||
165.225.94.38 | zrh1-vpn.zscalerthree.net | Yes | 151 | | | ||
165.225.86.39 | mil2-vpn.zscalerthree.net | Yes | 154 | | | ||
165.225.92.35 | Mad3-vpn.zscalerthree.net | Yes | 155 | | | ||
165.225.114.24 | syd3-vpn.zscalerthree.net | Yes | 167 | | | ||
213.52.102.19 | osl2-vpn.zscalerthree.net | Yes | 168 | | | ||
165.225.112.24 | sin4-vpn.zscalerthree.net | Yes | 172 | | | ||
165.225.214.39 | sao2-2-vpn.zscalerthree.net | Yes | 188 | | | ||
94.188.131.35 | tlv1-vpn.zscalerthree.net | Yes | 207 | | | ||
154.113.23.33 | los2-vpn.zscalerthree.net | Yes | 227 | | | ||
165.225.106.39 | bom4-vpn.zscalerthree.net | Yes | 244 | | | ||
165.225.104.28 | maa1-vpn.zscalerthree.net | Yes | 265 | | | ||
165.225.84.39 | waw1-vpn.zscalerthree.net | No | NA | | | ||
211.144.19.18 | bjs1-vpn.zscalerthree.net | No | NA | | | |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Liveliness probe status---------------------------------------------------------------
Type : http
Url : http://gateway.zscalerthree.net/vpntest
Status : true
Latency(ms) : 95
Last updated : 2021-02-03T07:18:50
Type : icmp
Ipv4 : 8.8.8.8
Status : true
Latency(ms) : 12
Last updated : 2021-02-03T07:18:49
The output for
Prisma Access Service Link (IPSec)
Public-BLR-Branch3K# dump servicelink status slname=AUTO-PRISMA_IPSEC-Tunnel_us-east-1_6
ServiceLink : sl2
Interface : AUTO-PRISMA_IPSEC-Tunnel_us-east-1_6
Description : Prisma Access info on Panorama:
Remote Onboarding: AUTO-CGX_remotenet-2
IPSEC Tunnel: AUTO-CGX_ipsec_tn-2-A
IKE Gateway: AUTO-CGX_ike_gw-2-c6ab50f
Prisma License: FWAAS-AGGREGATE
ID : 16124203058570004
Type : service_link (ipsec)
Admin State : up
Alarms : enabled
NetworkContextID :
Scope : local
Directed Broadcast : false
MTU : 1400
IP : static
Address : 172.16.0.2/31
Parent Interface : 6
Parent Device : eth6
Peer : 208.127.66.98
Service Endpoint : Prisma US East (us-east-1)
IPSec Profile : AUTO-PRISMA_IPSEC-Profile
Authentication Type : psk
Remote ID : prisma-tunnel@mycompany.com
Local ID Type : custom
Local ID : cgx-tunnel@mycompany.com
Key Exchange : ikev2
IKE Reauth : no
IKE Lifetime : 8 hours
IKE Remote Port : 500
IKE DH Group/Encryption/Hash : ecp384/aes256/sha512
ESP Lifetime : 1 hours
ESP Encapsulation : Auto
ESP DH Group/Encryption/Hash : ecp384/aes256/sha512
DPD Enabled : yes
DPD Delay : 10
DPD Timeout : 30
Authentication Override
Authentication Type : psk
Remote ID : prisma-tunnel@mycompany.com
Local ID Type : custom
Local ID : cgx-tunnel.2@mycompany.com
Device : sl2
State : up
Last Change : 2021-02-04 15:19:43.502 (11h36m2s ago)
Address : 172.16.0.2/31
Route : 0.0.0.0/0 via 172.16.0.2 metric 0
Extended State : tunnel_up
IPSec Algo : AES_CBC_256_HMAC_SHA2_512_256
Ike Algo : AES_CBC_256HMAC_SHA2_512_256
Remote IP : 208.127.66.98
Local IP : 10.64.9.252
IkeLastRekeyed : 2021-02-04 22:48:20.744106061 +0000 UTC
IkeNextRekey : 2021-02-05 06:29:03.744106976 +0000 UTC
IPsecLastRekeyed: 2021-02-05 02:07:43.850020484 +0000 UTC
IPsecNextRekey : 2021-02-05 02:56:04.850022436 +0000 UTC
Peer configured on interface Ipv4Addr: 208.127.66.98 ---------------------------------------------------------------
Liveliness probe status ---------------------------------------------------------------
Type : icmp
Ipv4 : 192.168.220.254
Status : true
Latency : 251
Last updated : 2021-02-04T15:19:42
Output for DC-DC Interconnectivity
dump servicelink status sldev=sl1
ServiceLink : sl1
Interface : ToDC
Description : To Hub2
ID : 1703221347301010628
Type : service_link (ipsec)
Admin State : up
Alarms : enabled
Auth Type : none
NetworkContextID :
VRFContextID : 1692629914880022528
Vni : 0
VRF Name : Global
IpfixCollectorContextID :
IpfixFilterContextID :
Scope : local
Directed Broadcast : false
MTU : 1400
IP : static
Address : a.b.1.1/24
IPv6 : No configuration
Parent Interface : 1
Parent Device : eth1
Peer : p.q.27.38
IPSec Profile : DC-DC
Authentication Type : psk
Local ID Type : local_ip
Key Exchange : ikev1
IKE Mode : Main
IKE Lifetime : 24 hours
IKE Remote Port : 500
IKE DH Group/Encryption/Hash : modp1536/aes256/sha256, modp2048/aes128/sha256, ecp384/aes128/sha256
ESP Lifetime : 8 hours
ESP Encapsulation : Auto
ESP DH Group/Encryption/Hash : modp1536/aes256/sha256, modp1024/aes128/sha256
DPD Enabled : yes
DPD Delay : 1
DPD Timeout : 5
Passive Mode : disabled
Authentication Override
Authentication Type : psk
Remote ID : hub2@test.com
Local ID Type : custom
Local ID : hub1@test.com
Device : sl1
State : up
Last Change : 2024-05-08 08:48:56.739 (19h58m5s ago)
Address : a.b.1.1/24
VRF Context ID : 1692629914880022528
VRF Name : Global
Vni : 0
Extended State : tunnel_up
IPSec Algo : AES_CBC_256_HMAC_SHA2_256_128
Ike Algo : AES_CBC_256HMAC_SHA2_256_128
Remote IP : p.q.27.38
Local IP : p.q.27.37
IkeNextRekey : 2024-05-09 08:39:55.690634914 +0000 UTC
IPsecLastRekeyed: 2024-05-08 23:52:33.342122037 +0000 UTC
IPsecNextRekey : 2024-05-09 07:27:08.342127823 +0000 UTC
DPDK Controlled : false
Passive Mode State : false
Peer configured on interface
IPv4Addr: p.q.27.38
