Use the following CLI commands to troubleshoot phase 1 and phase 2 site-to-site VPN issues:

Show Commands

| If you want to . . . | Use . . . |
|---|---|
| Display the basic statistics of all VPN tunnels | `show running tunnel flow info` |
| Display the IKE SA for a given gateway | `show vpn ike-sa gateway <gateway> \| match <x.x.x.x/Y>` |
| Display the IKE SA for a given tunnel | `show vpn ike-sa tunnel <tunnel>` |
| Display IPSec counters | `show vpn flow` |
| Display the list of all IPSec gateways and their configurations | `show vpn gateway` |
| Display IKE phase 1 SAs | `show vpn ike-sa` |
| Display IKE phase 2 SAs | `show vpn ipsec-sa` |
| Display the list of auto-key IPSec tunnel configurations | `show vpn tunnel` |

Clear Commands

| If you want to . . . | Use . . . |
|---|---|
| Delete the IKEv1 IKE SA for a given gateway | `clear vpn ike-sa gateway <gateway>` |
| Delete the IKEv1 IKE SA for a given tunnel | `clear vpn ike-sa tunnel <tunnel>` |
| Delete the IKEv1 IPSec SA for a given tunnel | `clear vpn ipsec-sa tunnel <tunnel>` |

Test Commands

| If you want to . . . | Use . . . |
|---|---|
| Initiate an IKE negotiation with the designated gateway | `test vpn ike-sa gateway <gateway>` |
| Initiate an IPSec negotiation for the designated tunnel | `test vpn ipsec-sa tunnel <tunnel>` |

Debug Commands

| If you want to . . . | Use . . . |
|---|---|
| Turn on debugging to view detailed logging and status | `debug ike global on debug`<br>`less mp-log ikemgr.log`<br>`debug ike stat` |
| Packet capture to view and to capture main, aggressive, and quick mode negotiations | `debug ike pcap on`<br>`view-pcap no-dns-lookup yes no-port-lookup yes debug-pcap ikemgr.pcap` |
| Turn off debugging | `debug ike pcap off` |
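The IKE packet capture above is most useful when you can quickly tell how far a negotiation got: whether phase 1 (main or aggressive mode) completed and whether any quick mode (phase 2) messages followed. The following added example, which is not part of the original page or of PAN-OS, reads an exported pcap offline, decodes the fixed 28-byte ISAKMP header (RFC 2408) of each UDP/500 or UDP/4500 datagram, and reports per peer pair how many phase 1 and phase 2 messages were seen. The pcap it analyses is constructed inline (the addresses 203.0.113.10 and 198.51.100.20, the SPIs, and the message sequence are all made up) so the script runs without a firewall; point `summarize_pcap()` at the bytes of an exported `ikemgr.pcap` to use it on real data.

```python
import struct
from collections import Counter

# ISAKMP exchange types from RFC 2408/2409 (phase 1) and RFC 2407 (quick mode)
EXCHANGE_TYPES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
ISAKMP_PORTS = (500, 4500)          # 4500 = NAT-T, prefixed by a 4-byte non-ESP marker


def parse_isakmp(payload, dport):
    """Decode the ISAKMP header; return None if the datagram is not ISAKMP."""
    if dport == 4500:
        if payload[:4] != b"\x00\x00\x00\x00":
            return None             # ESP-in-UDP, not IKE
        payload = payload[4:]
    if len(payload) < 28:
        return None
    i_spi, r_spi, _next, _ver, exch, flags, msg_id, _len = struct.unpack(
        "!8s8sBBBBII", payload[:28])
    return {"i_spi": i_spi.hex(), "r_spi": r_spi.hex(), "msg_id": msg_id,
            "exchange": EXCHANGE_TYPES.get(exch, f"type{exch}"),
            "encrypted": bool(flags & 0x01)}


def parse_frame(frame):
    """Ethernet -> IPv4 -> UDP -> ISAKMP; anything else is skipped."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:                 # not UDP
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    if dport not in ISAKMP_PORTS:
        return None
    hdr = parse_isakmp(ip[ihl + 8:], dport)
    if hdr is None:
        return None
    hdr["src"] = ".".join(map(str, ip[12:16]))
    hdr["dst"] = ".".join(map(str, ip[16:20]))
    return hdr


def summarize_pcap(data):
    """Walk a classic libpcap file (Ethernet link type) and return ISAKMP messages."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off, messages = 24, []
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        msg = parse_frame(data[off:off + incl_len])
        off += incl_len
        if msg:
            messages.append(msg)
    return messages


def diagnose(messages):
    """Per peer pair, count phase 1 vs phase 2 messages and name the stage reached."""
    counts = {}
    for m in messages:
        counts.setdefault(tuple(sorted((m["src"], m["dst"]))), Counter())[m["exchange"]] += 1
    report = {}
    for pair, c in counts.items():
        p1, p2 = c["main"] + c["aggressive"], c["quick"]
        stage = ("phase 2 negotiated (quick mode seen)" if p2 else
                 "phase 1 only (no quick mode seen)" if p1 else "no IKE exchange")
        report[pair] = {"phase1_msgs": p1, "phase2_msgs": p2,
                        "informational": c["informational"], "stage": stage}
    return report


# --- constructed sample capture (not real traffic) ---------------------------
def _frame(src, dst, sport, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + udp
    return b"\x00" * 12 + b"\x08\x00" + ip


def _isakmp(i_spi, r_spi, exch, flags=0, msg_id=0):
    return struct.pack("!8s8sBBBBII", i_spi, r_spi, 0, 0x10, exch, flags, msg_id, 28)


def build_sample_pcap():
    a, b, i_spi, r_spi = "203.0.113.10", "198.51.100.20", b"\x11" * 8, b"\x22" * 8
    frames = [_frame(a, b, 53, 53, b"\x00" * 12)]                      # DNS noise, ignored
    for n in range(6):                                                  # main mode MM1..MM6
        src, dst = (a, b) if n % 2 == 0 else (b, a)
        frames.append(_frame(src, dst, 500, 500, _isakmp(i_spi, b"\x00" * 8 if n == 0 else r_spi, 2)))
    for n in range(3):                                                  # quick mode QM1..QM3, encrypted
        src, dst = (a, b) if n != 1 else (b, a)
        frames.append(_frame(src, dst, 500, 500, _isakmp(i_spi, r_spi, 32, 0x01, 0x1234)))
    frames.append(_frame(b, a, 500, 500, _isakmp(i_spi, r_spi, 5, 0x01, 0x99)))  # informational
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


if __name__ == "__main__":
    for pair, r in diagnose(summarize_pcap(build_sample_pcap())).items():
        print(pair, r)
```

A capture in which the report stops at "phase 1 only" points at proposal or proxy-ID mismatches on the phase 2 side, while a capture with no quick mode and fewer than six main mode messages (or three aggressive mode messages) means phase 1 itself never completed; either way the `debug ike stat` output and `ikemgr.log` from the table above give the reason.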