Table of Contents
Advertisement
Global
Table 4 Command output
Field
Interface/Global
Dst Address
SPI
Protocol
Status
# Display the number of IPsec SAs.
<Sysname> display ipsec sa count
Total IPsec SAs count: 4
# Display detailed information about all IPsec SAs.
<Sysname> display ipsec sa
-------------------------------
Interface: Vlan-interface100
-------------------------------
-----------------------------
IPsec policy: r2
Sequence number: 1
Mode: ISAKMP
-----------------------------
Tunnel id: 3
Encapsulation mode: tunnel
Perfect Forward Secrecy:
Inside VRF: vp1
Extended Sequence Numbers enable: Y
Traffic Flow Confidentiality enable: N
Path MTU: 1443
Transmitting entity: Initiator
Tunnel:
local
address: 2.2.2.2
remote address: 1.1.1.2
Flow:
sour addr: 192.168.2.0/255.255.255.0
dest addr: 192.168.1.0/255.255.255.0
[Inbound ESP SAs]
SPI: 3564837569 (0xd47b1ac1)
Connection ID: 90194313219
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 4294967295/604800
SA remaining duration (kilobytes/sec): 1843200/2686
--
600
Description
Interface where the IPsec SA belongs to or global IPsec SA (created by using an
IPsec profile).
Remote end IP address of the IPsec tunnel.
For the IPsec SAs created by using IPsec profiles, this field displays two hyphens
(--).
IPsec SA SPI.
Security protocol used by IPsec.
Status of the IPsec SA, which can only be Active.
13
ESP
Active
port: 0
protocol: ip
port: 0
protocol: ip
Advertisement
Chapters
Table of Contents
