ZyXEL Communications 3.1 ユーザーズマニュアル

 Chapter 17 IPSec VPN

ZyWALL (ZLD) CLI Reference Guide

This table lists the commands for the SA monitor.

sa Commands: SA Monitor

show sa monitor [{begin 

<1..1000>} | {end <1..1000>} | 

{crypto-map regexp} | {policy 

regexp} |{rsort sort_order} |  

{sort sort_order}]

Displays the current IPSec SAs and the status of each one. You can specify a range of 
SA entries to display. You can also control the sort order of the display and search by 
VPN connection or (local or remote) policy.

: A keyword or regular expression. Use up to 30 alphanumeric and _+-

.()!$*^:?|{}[]<>/ characters.

A question mark (?) lets a single character in the VPN connection or policy name 
vary. For example, use “a?c” (without the quotation marks) to specify abc, acc and 
so on. 

Wildcards (*) let multiple VPN connection or policy names match the pattern. For 
example, use “*abc” (without the quotation marks) to specify any VPN connection or 
policy name that ends with “abc”. A VPN connection named “testabc” would match. 
There could be any number (of any type) of characters in front of the “abc” at the 
end and the VPN connection or policy name would still match. A VPN connection or 
policy name named “testacc” for example would not match. 

A * in the middle of a VPN connection or policy name has the ZyWALL check the 
beginning and end and ignore the middle. For example, with “abc*123”, any VPN 
connection or policy name starting with “abc” and ending in “123” matches, no 
matter how many characters are in between.

The whole VPN connection or policy name has to match if you do not use a question 
mark or asterisk. 

See 

 for other parameter description.

show isakmp sa

Displays current IKE SA and the status of each one.

no sa spi spi

Deletes the SA specified by the SPI.

: 2-8 hexadecimal (0-9, A-F) characters

no sa tunnel-name map_name

Deletes the specified IPSec SA.

show vpn-counters

Displays VPN traffic statistics.