Table 49 Output description
Field
IPsec proposal name
encapsulation mode
transform
AH protocol
ESP protocol
display ipsec sa
Syntax
display ipsec sa [ brief | policy policy-name [ seq-number ] | remote ip-address ] [ | { begin | exclude
| include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
brief: Displays brief information about all IPsec SAs.
policy: Displays detailed information about IPsec SAs created by using a specified IPsec policy.
policy-name: Name of the IPsec policy, a string 1 to 15 characters.
seq-number: Sequence number of the IPsec policy, in the range 1 to 65535.
remote ip-address: Displays detailed information about the IPsec SA with a specified remote address.
|: Filters command output by specifying a regular expression. For more information about regular
expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display ipsec sa command to display information about IPsec SAs.
If you do not specify any parameters, the command displays information about all IPsec SAs.
Related commands: reset ipsec sa and ipsec sa global-duration.
Examples
# Display brief information about all IPsec SAs.
<Sysname> display ipsec sa brief
Src Address
Description
Name of the IPsec proposal
Encapsulation mode used by the IPsec proposal, transport or tunnel
Security protocol(s) used by the IPsec proposal: AH, ESP, or both. If both
protocols are configured, IPsec uses ESP before AH.
Authentication algorithm used by AH
Authentication algorithm and encryption algorithm used by ESP
Dst Address
SPI
Protocol
Algorithm
324