CLI Force Phase II up?

Forum|Forum|12 years ago
March 10, 2014
2 replies
9908 views

Where do I locate the serial number for a IPSEC-interface phase 2? I' m trying to write a script to bring up a phase 2, but it requires a serial number?

ede_pfau

SuperUser

 diag vpn tunnel list  ...  ------------------------------------------------------  name=bla-fw ver=1 serial=5 0.0.0.0:0->222.88.66.22:0 lgwy=dyn tun=intf mode=auto bound_if=46  proxyid_num=1 child_num=0 refcnt=5 ilast=1386126 olast=1386126  stat: rxp=0 txp=0 rxb=0 txb=0  dpd: mode=off on=0 idle=5000ms retry=3 count=0 seqno=0  natt: mode=none draft=0 interval=0 remote_port=0  proxyid=bla_tunnel proto=0 sa=0 ref=1 auto_negotiate=0 serial=1     src: 0:192.168.234.0/255.255.255.0:0    dst: 0:192.168.30.0/255.255.255.0:0  ------------------------------------------------------

Paul_Dean

Visitor III

Does the tunnel not stay up with keepalive enabled? Would you mind sharing your script?

jtfinleyAuthor

New Member

Does the tunnel not stay up with keepalive enabled? Would you mind sharing your script?

Paul - correct. I have a script on the PC itself that pings every 5 minutes but it doesn' t work. The KeepAlive is on, but doesn' t seem to work thus this last ditch effort to script an SSH script to do it. Question is, is the serial number always the same on a phase ii?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded