A network engineer is troubleshooting a VPN and wants to verify whether the decapsulation/encapsulation counters are increasing.
Which CLI command should the engineer run?
A network engineer is troubleshooting a VPN and wants to verify whether the decapsulation/encapsulation counters are increasing.
Which CLI command should the engineer run?
To verify whether the decapsulation/encapsulation counters are increasing, the appropriate command to use is 'Show vpn ipsec-sa tunnel <tunnel name>'. This command displays the security association (SA) details for the specified tunnel, which includes encapsulation and decapsulation statistics. These statistics reveal whether any data is being sent or received through the tunnel, thus helping determine the status of VPN traffic processing.
Check if encapsulation and decapsulation bytes are increasing. If the firewall is passing traffic, then both values should be increasing. > show vpn flow name <tunnel.id/tunnel.name> | match bytes
URL for reference https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC
B TAKUM1y and secdaddy links are correct
B is the closest answer but it is missing the " | match bytes " part
B is correct