Keep in mind that there are IKE/P1 and IPSEC/P2 tunnels for each connection to a VPN peer, along with inbound and outbound tunnels/SAs for each. Every individual tunnel/SA is represented by a SPI.
If you are using R80.10 on your firewall, this is pretty easy though:
vpn tu mstats, and use command
vpn tu tlist for more specific information about a tunnel.
For R77.30 and earlier you could use:
fw tab -s -t inbound_SPI
fw tab -s -t outbound_SPI
Also give this a try:
fw tab -u -t peers_count
Check out this rather lengthy but invaluable SK for more information: sk104760: ATRG: VPN Core
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com
Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com