Using the browser interface, you can diagnose problems with the IPsec tunnels you create on the BIG-IP® system. The IPsec diagnostics search capability facilitates quick retrieval of data, even when you have a large number of IPsec tunnels. The search results list the traffic selector that meets your criteria. You can search on source IP address, destination IP address, both source and destination IP addresses, IPsec policy name, or traffic selector name.
To search on the source or destination IP address of a traffic selector, you can type either a valid IPv4 or valid IPv6 address. The BIG-IP system currently finds only exact matches for IP addresses. To use a route domain ID for a non-default route domain, that is, a route domain other than 0, append the character % and the route domain ID number to the end of the IP address. For example, to use route domain 2 with an IPv4 address of 184.108.40.206, you would type 220.127.116.11%2. For the default route domain (0), do not append any additional characters to the IP address.
These examples show the diagnostic details that are available as the result of an IPsec traffic selector search.
The color of the icon in the Tunnel State or security association (SA) State column indicates the condition of the connection.
Example of IPsec Stat Details tab diagnostics
Example of IPsec Security Association Details tab diagnostics