H3C MSR Series Command Reference Manual page 551
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
Inside vpn-instance:
SA's SPI:
outbound:
6000
inbound:
5000
outbound:
8000
inbound:
7000
Tunnel:
local
address: 1.2.3.1
remote address: 2.2.2.2
Flow:
as defined in ACL 3100
# Display detailed information about IPsec tunnel 1.
<Sysname> display ipsec tunnel tunnel-id 1
Tunnel ID: 1
Status: Active
Perfect Forward Secrecy:
Inside vpn-instance:
SA's SPI:
outbound:
6000
inbound:
5000
outbound:
8000
inbound:
7000
Tunnel:
local
address: 1.2.3.1
remote address: 2.2.2.2
Flow:
as defined in ACL 3100
Table 84 Command output
Field
Tunnel ID
Status
Perfect Forward Secrecy
SA's SPI
Tunnel
local address
remote address
(0x00001770)
[AH]
(0x00001388)
[AH]
(0x00001f40)
[ESP]
(0x00001b58)
[ESP]
(0x00001770)
[AH]
(0x00001388)
[AH]
(0x00001f40)
[ESP]
(0x00001b58)
[ESP]
Description
IPsec ID, used to uniquely identify an IPsec tunnel.
IPsec tunnel status: Active or Standby.
In a VSRP scenario, this field displays either Active or Standby.
In standalone mode, this field always displays Active.
Perfect Forward Secrecy (PFS) used by the IPsec policy for negotiation:
•
768-bit Diffie-Hellman group (dh-group1)
•
1024-bit Diffie-Hellman group (dh-group2)
•
1536-bit Diffie-Hellman group (dh-group5)
•
2048-bit Diffie-Hellman group (dh-group14)
•
2048-bit and 256_bit subgroup Diffie-Hellman group (dh-group24)
•
256-bit ECP Diffie-Hellman group (dh-group19)
•
384-bit ECP Diffie-Hellman group (dh-group20)
SPIs of the inbound and outbound SAs.
Local and remote addresses of the IPsec tunnel.
Local end IP address of the IPsec tunnel.
Remote end IP address of the IPsec tunnel.
528
Advertisement
Table of Contents
