How to see all the set commands for an IPsec tunnel?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to see all the set commands for an IPsec tunnel?

L0 Member

I need to get the display set of all the commands for an IPsec tunnel, like I'd do with a Juniper SRX, but get no return whenever I try to see the commands set for the tunnel. Seems like the tunnel hasn't even been configured, but it shows under ike sa and ipsec sa. I'm sure that's because I'm new to PA. I just need to duplicate a tunnel and everything but just change the GW IP, so getting the display set of the tunnel, gateway, and routes, would really help.

Let me add that I'm trying to get it from a firewall that's on a HA pair and is linked to Panorama. I dont see any local ipsec config on the firewall!!

1 accepted solution

Accepted Solutions

Community Team Member

Hi @Raydar ,

 

To view the set command you would normally use the "> set cli config-output-format" command.

However, this command is only useful for local config.  It will not show anything configured through panorama.

 

To view only the Panorama pushed configurations, which displays policies and objects pushed from Panorama:

> show config pushed-shared-policy

 

To view the template pushed to the device:

> show config pushed-template

 

Unfortunately the above CLI outputs are displayed in XML format so I'm not sure if they can help you.

 

That said, there is a feature request to view the set commands pushed from Panorama.  I'd reach out to your local SE and have him add your vote to the feature request.

 

Hope this helps,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

View solution in original post

1 REPLY 1

Community Team Member

Hi @Raydar ,

 

To view the set command you would normally use the "> set cli config-output-format" command.

However, this command is only useful for local config.  It will not show anything configured through panorama.

 

To view only the Panorama pushed configurations, which displays policies and objects pushed from Panorama:

> show config pushed-shared-policy

 

To view the template pushed to the device:

> show config pushed-template

 

Unfortunately the above CLI outputs are displayed in XML format so I'm not sure if they can help you.

 

That said, there is a feature request to view the set commands pushed from Panorama.  I'd reach out to your local SE and have him add your vote to the feature request.

 

Hope this helps,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 1 accepted solution
  • 3627 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!