520
<Sysname> display ipsec sa brief
-----------------------------------------------------------------------
Interface/Global Dst Address SPI Protocol Status
-----------------------------------------------------------------------
GE1/0/1 10.1.1.1 400 ESP Active
GE1/0/1 255.255.255.255 4294967295 ESP Active
GE1/0/1 100::1/64 500 AH Active
Global -- 600 ESP Active
Table 79 Command output
Interface/Global
Interface where the IPsec SA belongs to or global IPsec SA (created by using an
IPsec profile).
Dst Address
Remote end IP address of the IPsec tunnel.
For the IPsec SAs created by using IPsec profiles, this field displays two hyphens
(
--
).
SPI IPsec SA SPI.
Protocol Security protocol used by IPsec.
Status
Status of the IPsec SA:
Active
or
Standby
.
In a VSRP scenario, this field displays either
Active
or
Standby
.
In standalone mode, this field always displays
Active
.
# Display the number of IPsec SAs.
<Sysname> display ipsec sa count
Total IPsec SAs count: 4
# Display detailed information about all IPsec SAs.
<Sysname> display ipsec sa
-------------------------------
Interface: GigabitEthernet1/0/1
-------------------------------
-----------------------------
IPsec policy: r2
Sequence number: 1
Mode: ISAKMP
-----------------------------
Tunnel id: 3
Encapsulation mode: tunnel
Perfect Forward Secrecy:
Inside VPN:
Extended Sequence Numbers enable: Y
Traffic Flow Confidentiality enable: N
Path MTU: 1443
Tunnel:
local address: 2.2.2.2
remote address: 1.1.1.2
Flow:
sour addr: 192.168.2.0/255.255.255.0 port: 0 protocol: ip
To Next Page
Loading...
Need help?
General
