HP 6600 Security Configuration Manual page 320


4. Verify the configuration:

# Check the IKE proposal configuration.
[RouterA] display ike proposal
 priority authentication authentication encryption Diffie-Hellman duration
            method       algorithm    algorithm     group       (seconds)
---------------------------------------------------------------------------
 10       PRE_SHARED     MD5         DES_CBC       MODP_768     5000
 default  PRE_SHARED     SHA         DES_CBC       MODP_768     86400

[RouterB] display ike proposal
 priority authentication authentication encryption Diffie-Hellman duration
            method       algorithm    algorithm     group       (seconds)
---------------------------------------------------------------------------
 default  PRE_SHARED     SHA         DES_CBC       MODP_768     86400

Router A and Router B have only one pair of matching IKE proposals. Matching IKE proposals do
not necessarily use the same ISAKMP SA lifetime setting.

# Send traffic from subnet 10.1.1.0/24 to subnet 10.1.2.0/24. Router A starts IKE negotiation
with Router B when receiving the first packet.

# View the SAs established in the two IKE negotiation phases.
[RouterA] display ike sa
    total phase-1 SAs:  1
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
     1             2.2.2.2         RD|ST       1       IPSEC
     2             2.2.2.2         RD|ST       2       IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO-TIMEOUT RK-REKEY

# Display information about the established IPsec SAs, which protect traffic between subnet
10.1.1.0/24 and subnet 10.1.2.0/24.
[RouterA] display ipsec sa
===============================
Interface: GigabitEthernet3/0/1
    path MTU: 1500
===============================

  -----------------------------
  IPsec policy name: "map1"
  sequence number: 10
  acl version: ACL4
  mode: isakmp
  -----------------------------
    PFS: N, DH group: none
    tunnel:
        local  address: 1.1.1.1
        remote address: 2.2.2.2
    flow:
        sour addr: 10.1.1.0/255.255.255.0  port: 0  protocol: IP
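The proposal check in step 4 can be automated. The following is an added example, not part of the HP manual: it parses the two `display ike proposal` tables from this page and lists the matching pairs. It assumes a match means the authentication method, authentication algorithm, encryption algorithm and DH group agree, with lifetime ignored as the page notes; the function names and the `DEPRECATED` set are choices made for this example.

```python
import re

# Sample input: the two `display ike proposal` tables shown on this page.
HEADER = """\
 priority authentication authentication encryption Diffie-Hellman duration
            method       algorithm    algorithm     group       (seconds)
---------------------------------------------------------------------------
"""
ROUTER_A = HEADER + """\
 10       PRE_SHARED     MD5         DES_CBC       MODP_768     5000
 default  PRE_SHARED     SHA         DES_CBC       MODP_768     86400
"""
ROUTER_B = HEADER + """\
 default  PRE_SHARED     SHA         DES_CBC       MODP_768     86400
"""

FIELDS = ("priority", "auth_method", "auth_alg", "enc_alg", "dh_group", "lifetime")
ROW = re.compile(r"^\s*(\d+|default)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
# Added context, not from the manual: RFC 8247 marks these MUST NOT for IKEv2.
DEPRECATED = {"MD5", "DES_CBC", "MODP_768"}

def parse_proposals(text):
    """Return one dict per proposal row; header and rule lines do not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = dict(zip(FIELDS, m.groups()))
            row["lifetime"] = int(row["lifetime"])
            rows.append(row)
    return rows

def match_key(p):
    # Lifetime is excluded: matching proposals need not share the ISAKMP SA lifetime.
    return (p["auth_method"], p["auth_alg"], p["enc_alg"], p["dh_group"])

def matching_pairs(local, remote):
    """All (local, remote) proposal pairs whose four negotiated parameters agree."""
    return [(a, b) for a in local for b in remote if match_key(a) == match_key(b)]

def deprecated_params(p):
    """Negotiated parameters of proposal p that appear in DEPRECATED."""
    return sorted(set(match_key(p)) & DEPRECATED)

if __name__ == "__main__":
    a, b = parse_proposals(ROUTER_A), parse_proposals(ROUTER_B)
    for pa, pb in matching_pairs(a, b):
        print(f"A:{pa['priority']} <-> B:{pb['priority']}, lifetimes "
              f"{pa['lifetime']}/{pb['lifetime']} s, deprecated: {deprecated_params(pa)}")
```

Run against the tables above, it reports the single default-to-default pair and shows that the matched proposal still relies on DES_CBC and MODP_768.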


This manual is also suitable for:

Hsr6600
