H3C MSR Series Command Reference Manual page 545

Field
Sequence number
Mode
Tunnel id
Encapsulation mode
Perfect Forward Secrecy
Extended Sequence Numbers enable
Traffic Flow Confidentiality enable
Inside VPN
Path MTU
Tunnel
local address
remote address
Flow
sour addr
dest addr
port
protocol
Current outbound SPI
SPI
Connection ID
Transform set
SA duration (kilobytes/sec)
SA remaining duration (kilobytes/sec)
Max received sequence-number
Description
Sequence number of the IPsec policy entry.
Negotiation mode used by the IPsec policy:
•
Manual
•
ISAKMP
•
Template
•
GDOI
IPsec tunnel ID.
Encapsulation mode, transport or tunnel.
Perfect Forward Secrecy (PFS) used by the IPsec policy for
negotiation:
•
768-bit Diffie-Hellman group (dh-group1)
•
1024-bit Diffie-Hellman group (dh-group2)
•
1536-bit Diffie-Hellman group (dh-group5)
•
2048-bit Diffie-Hellman group (dh-group14)
•
2048-bit and 256_bit subgroup Diffie-Hellman group
(dh-group24)
•
256-bit ECP Diffie-Hellman group (dh-group19)
•
384-bit ECP Diffie-Hellman group (dh-group20)
Whether Extended Sequence Number (ESN) is enabled.
Whether Traffic Flow Confidentiality (TFC) padding is enabled.
VPN instance to which the protected data flow belongs.
Path MTU of the IPsec SA.
Local and remote addresses of the IPsec tunnel.
This field is not displayed if the negotiation mode is GDOI.
Local end IP address of the IPsec tunnel.
Remote end IP address of the IPsec tunnel.
Information about the data flow protected by the IPsec tunnel.
Source IP address of the data flow.
Destination IP address of the data flow.
Port number.
Protocol type:
•
ip—IPv4.
•
ipv6—IPv6.
SPI that the outbound IPsec SA currently uses.
This field is displayed when the negotiation mode is GDOI.
SPI of the IPsec SA.
Identifier of the IPsec SA.
Security protocol and algorithms used by the IPsec transform
set.
IPsec SA lifetime, in kilobytes or seconds.
Remaining IPsec SA lifetime, in kilobytes or seconds.
Max sequence number in the received packets.
522