The `show security ipsec sa` command displays a brief summary of IPsec security associations (SAs) on a Juniper SRX device. The output includes information such as:
- SA ID
- Tunnel ID
- Local address
- Remote address
- Encryption algorithm
- Authentication algorithm
- Lifetime (seconds)
- Remaining lifetime (seconds)
- Status (e.g., "active", "inactive", "expired")
Here's an example output:
`show security ipsec sa`
`ID Tunnel Local Remote Encryption Auth Lifetime Remaining Status`
`123 1 10.0.0.1/32 10.0.0.2/32 aes-256 hmac-sha1 3600 3000 active`
This output indicates that there is an active IPsec SA with:
- SA ID: 123
- Tunnel ID: 1
- Local address: 10.0.0.1/32
- Remote address: 10.0.0.2/32
- Encryption algorithm: aes-256
- Authentication algorithm: hmac-sha1
- Lifetime: 3600 seconds (1 hour)
- Remaining lifetime: 3000 seconds (50 minutes)
- Status: active