Which command allows you to view the IPsec SA for all active tunnels?

The command that allows you to view the IPsec Security Associations (SA) for all active tunnels is "diagnose vpn tunnel list." This command provides a comprehensive list of all VPN tunnels along with the relevant details on their status, including IPsec configuration and the current state of each tunnel.

This information is crucial for troubleshooting and monitoring, as it helps administrators understand the active VPN connections, allowing them to quickly identify any potential issues or misconfigurations. Knowing the status of IPsec SAs is essential for ensuring the security and reliability of encrypted communications across networks.

The other commands have more limited functions. For instance, "show active ipsec" may give you information about active IPsec connections but does not provide the full depth of detail about the tunnels that the correct command does. "get ipsec sa list" might show details related to Security Associations specifically, but it is more focused on individual associations rather than the overall status of tunnels. "display ipsec tunnel status" could also provide insights on tunnel health, yet it typically does not encompass as complete a view of all active tunnels as the "diagnose vpn tunnel list" command. Therefore, using the designated command offers the most comprehensive insight for an administrator monitoring and managing IPsec tunnels.