display ipsec session
Syntax
View
Parameter
Description
Related command:
Example
Table 565 Description on the fields of the display ipsec sa command
Field
sa remaining key
duration
max received
sequence-number
udp encapsulation used
for nat traversal
outbound
max sent
sequence-number
display ipsec session [ tunnel-id integer ]
Any view
integer: ID of the IPSec tunnel, in the range 1 to 2000000000.
Use the
display ipsec session
specified or all IPSec sessions.
IPSec can find matched tunnels directly by session, reducing the intermediate
matching procedures and therefore improving the forwarding efficiency. A session
is identified by the quintuplet of protocol, source IP address, source port,
destination IP address, and destination port.
reset ipsec session.
# Display information about all IPSec sessions.
<Sysname> display ipsec session
------------------------------------------------------------
total sessions : 2
------------------------------------------------------------
tunnel-id : 3
session idle time/total duration (sec) : 36/300
session flow :
Sour Addr : 15.15.15.1
Dest Addr : 15.15.15.2
------------------------------------------------------------
tunnel-id : 4
session idle time/total duration (sec) : 7/300
session flow :
Sour Addr : 12.12.12.1
Dest Addr : 13.13.13.1
# Display information about the session with an IPSec tunnel ID of 5.
Description
Remaining lifetime of the SA
Maximum sequence number of the received packets (relevant to the
anti-replay function provided by the security protocol)
Whether NAT traversal is enabled for the SA
Information of the outbound SA
Maximum sequence number of the sent packets (relevant to the
anti-replay function provided by the security protocol)
command to display information about a
(8 times matched)
(3 times matched)
Sour Port:
0
Protocol : 1
Dest Port:
0
Protocol : 1
Sour Port:
0
Protocol : 1
Dest Port:
0
Protocol : 1
2127