leon@SRX300> show security ike security-associations Index State Initiator cookie Responder cookie Mode Remote Address 8047590 UP a7e26ece934f0485 bf66d83ad27db7b2 IKEv2 a.a.a.a leon@SRX300> show security ipsec security-associations Total active tunnels: 1 Total Ipsec sas: 1 ID Algorithm SPI Life:sec/kb Mon lsys Port Gateway <131073 ESP:aes-cbc-256/sha256 beec2d48 3590/ unlim - root 4500 a.a.a.a >131073 ESP:aes-cbc-256/sha256 8005bac 3590/ unlim - root 4500 a.a.a.a leon@SRX300> show security flow session Session ID: 2394, Policy name: N/A, Timeout: N/A, Valid In: a.a.a.a/52113 --> 192.168.178.10/18330;esp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 0, Bytes: 0, Session ID: 2395, Policy name: N/A, Timeout: N/A, Valid In: a.a.a.a/0 --> 192.168.178.10/0;esp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 0, Bytes: 0, Session ID: 14115, Policy name: self-traffic-policy/1, Timeout: 44, Valid In: a.a.a.a/4500 --> 192.168.178.10/4500;udp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 1, Bytes: 312, Out: 192.168.178.10/4500 --> a.a.a.a/4500;udp, Conn Tag: 0x0, If: .local..0, Pkts: 198, Bytes: 19326, Session ID: 14116, Policy name: N/A, Timeout: N/A, Valid In: a.a.a.a/4500 --> 192.168.178.10/4500;udp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 0, Bytes: 0, Session ID: 16455, Policy name: self-traffic-policy/1, Timeout: 34, Valid In: a.a.a.a/500 --> 192.168.178.10/500;udp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 1, Bytes: 438, Out: 192.168.178.10/500 --> a.a.a.a/500;udp, Conn Tag: 0x0, If: .local..0, Pkts: 1, Bytes: 474, Session ID: 44514, Policy name: N/A, Timeout: N/A, Valid In: a.a.a.a/12142 --> 192.168.178.10/20095;esp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 0, Bytes: 0, Session ID: 44516, Policy name: N/A, Timeout: N/A, Valid In: a.a.a.a/0 --> 192.168.178.10/0;ah, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 0, Bytes: 0, Total sessions: 10 leon@SRX300> show configuration security ike { proposal ike-proposal-LAB { authentication-method pre-shared-keys; dh-group group5; authentication-algorithm sha-384; encryption-algorithm aes-256-cbc; lifetime-seconds 28800; } policy ike-policy-LAB { mode main; proposals ike-proposal-LAB; pre-shared-key ascii-text "XXXX"; ## SECRET-DATA } gateway ike-gate-LAB { ike-policy ike-policy-LAB; address a.a.a.a; external-interface ge-0/0/0; version v2-only; } } ipsec { proposal ipsec-proposal-LAB { protocol esp; authentication-algorithm hmac-sha-256-128; encryption-algorithm aes-256-cbc; lifetime-seconds 3600; } policy ipsec-policy-LAB { perfect-forward-secrecy { keys group5; } proposals ipsec-proposal-LAB; } vpn ipsec-vpn-LAB { bind-interface st0.1; ike { gateway ike-gate-LAB; ipsec-policy ipsec-policy-LAB; } establish-tunnels immediately; } } leon@SRX300> show configuration interfaces st0 unit 1 { family inet { address 10.10.12.2/30; } } leon@SRX300> ping 10.10.12.1 inet count 5 PING 10.10.12.1 (10.10.12.1): 56 data bytes --- 10.10.12.1 ping statistics --- 5 packets transmitted, 0 packets received, 100% packet loss leon@SRX300>