2158
C
141: IKE C
HAPTER
Example
C
ONFIGURATION
OMMANDS
# Display brief information about the current IKE SAs.
<Sysname> display ike sa
total phase-1 SAs:
connection-id
----------------------------------------------------------
1
2
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD-FADING TO--TIMEOUT
Table 572 Description on the fields of the display ike sa command
Field
total phase-1 SAs
connection-id
peer
flag
phase
doi
# Display detailed information about the current IKE SAs.
<Sysname>display ike sa verbose
---------------------------------------------
connection id: 2
transmitting entity: initiator
---------------------------------------------
local ip: 4.4.4.4
local id type: IPV4_ADDR
local id: 4.4.4.4
remote ip: 4.4.4.5
remote id type: IPV4_ADDR
remote id: 4.4.4.5
authentication-method: PRE-SHARED-KEY
authentication-algorithm: HASH-SHA1
encryption-algorithm: DES-CBC
life duration(sec): 86400
remaining key duration(sec): 86379
exchange-mode: MAIN
1
peer
flag
202.38.0.2
RD|ST
202.38.0.2
RD|ST
Description
Total number of SAs in phase 1
Identifier of the IPSec tunnel
Remote IP address of the SA
Status of the SA:
RD (READY): the SA has been established.
■
ST (STAYALIVE): This end is the initiator of the tunnel negotiation.
■
RL (REPLACED): The tunnel has been replaced by a new one and will
■
be deleted later.
FD (FADING): The tunnel is soft timed out but still in use. It will be
■
deleted when it is hard timed out.
TO (TIMEOUT): The SA has received no keepalive packets after the
■
last keepalive timeout. If no keepalive packets are received before
the next keepalive timeout, the SA will be deleted.
The phase the SA belongs to:
Phase 1: The phase for establishing the ISAKMP SA.
■
Phase 2: The phase for negotiating the security service. IPSec SAs
■
are established in this phase.
Domain of interpretation the SA belongs to
phase
doi
1
IPSEC
2
IPSEC