HPE FlexNetwork HSR6800 Security Command Reference page 279

Table 41 Command output
Field
Interface
path MTU
Protocol
IPsec policy name
sequence number
acl version
mode
PFS
DH group
tunnel
local address
remote address
flow
current outbound spi
sour addr
dest addr
port
protocol
inbound
outbound
spi
transform
in use setting
connection id
sa duration
sa remaining duration
anti-replay detection
anti-replay window size(time
based)
anti-replay window (counter
based)
udp encapsulation used for nat
traversal
Description
Interface referencing the IPsec policy.
Maximum IP packet length supported by the interface.
Name of the protocol to which the IPsec policy is applied.
Name of IPsec policy used.
Sequence number of the IPsec policy.
ACL version, IPv4 ACL and IPv6 ACL.
If no ACL is referenced, this field displays None.
For an IPsec SA established in GDOI mode, this field is not displayed.
IPsec negotiation mode.
Whether the perfect forward secrecy feature is enabled.
Used DH group. Its value can be none, 1, 2, 5, or 14.
IPsec tunnel.
Local IP address of the IPsec tunnel.
Remote IP address of the IPsec tunnel.
Data flow.
Value of the SPI used in the outbound direction.
Source IP address of the data flow.
Destination IP address of the data flow.
Port number.
Protocol type.
Information of the inbound SA.
Information of the outbound SA.
Security parameter index.
Security protocol and algorithms used by the IPsec transform set.
IPsec SA attribute setting: transport or tunnel.
IPsec tunnel identifier.
Lifetime of the IPsec SA.
Remaining lifetime of the SA.
Whether IPsec anti-replay detection is enabled.
Anti-replay window size (time-based), in seconds.
This field is not displayed if IPsec anti-replay detection is not enabled.
Anti-replay window size (traffic-based). Its value can be 32, 64, 128,
256, 512, or 1024.
This field is not displayed if IPsec anti-replay detection is not enabled.
Whether NAT traversal is enabled for the SA.
266