Table of Contents
Advertisement
inbound:
7000
Tunnel:
local
address: 1.2.3.1
remote address: 2.2.2.2
Flow:
as defined in ACL 3100
# Display detailed information about IPsec tunnel 1.
<Sysname> display ipsec tunnel tunnel-id 1
Tunnel ID: 1
Status: Active
Perfect forward secrecy:
Inside vpn-instance:
SA's SPI:
outbound:
6000
inbound:
5000
outbound:
8000
inbound:
7000
Tunnel:
local
address: 1.2.3.1
remote address: 2.2.2.2
Flow:
as defined in ACL 3100
Table 9 Command output
Field
Tunnel ID
Status
Perfect forward secrecy
Inside vpn-instance
SA's SPI
Tunnel
local address
remote address
Flow
as defined in ACL 3001
(0x00001b58)
[ESP]
(0x00001770)
[AH]
(0x00001388)
[AH]
(0x00001f40)
[ESP]
(0x00001b58)
[ESP]
Description
IPsec ID, used to uniquely identify an IPsec tunnel.
IPsec tunnel status, which can only be Active.
Perfect Forward Secrecy (PFS) used by the IPsec policy for negotiation:
•
768-bit Diffie-Hellman group (dh-group1).
•
1024-bit Diffie-Hellman group (dh-group2).
•
1536-bit Diffie-Hellman group (dh-group5).
•
2048-bit Diffie-Hellman group (dh-group14).
•
2048-bit and 256_bit subgroup Diffie-Hellman group (dh-group24).
•
256-bit ECP Diffie-Hellman group (dh-group19).
•
384-bit ECP Diffie-Hellman group (dh-group20).
Name of the VPN instance to which the IPsec-protected data belongs.
SPIs of the inbound and outbound SAs.
Local and remote addresses of the IPsec tunnel.
Local end IP address of the IPsec tunnel.
Remote end IP address of the IPsec tunnel.
Information about the data flow protected by the IPsec tunnel, including
source IP address, destination IP address, source port, destination port,
and protocol.
Range of data flow protected by the IPsec tunnel that is established
manually. This information shows that the IPsec tunnel protects all data
flows defined by ACL 3001.
21
Advertisement
Chapters
Table of Contents
