326
[outbound ESP SAs]
spi: 801701189 (0x2fc8fd45)
proposal: ESP-ENCRYPT-AES-CBC-192 ESP-AUTH-SHA1
sa duration (kilobytes/sec): 4294967295/604800
sa remaining duration (kilobytes/sec): 1843200/2686
max sent sequence-number: 6
udp encapsulation used for nat traversal: N
Table 51 Output description
Field Descri
tion
Interface Interface referencing the IPsec policy.
path MTU Maximum IP packet length supported by the interface.
Protocol Name of the protocol to which the IPsec policy is applied.
IPsec policy name Name of IPsec policy used.
sequence number Sequence number of the IPsec policy.
mode IPsec negotiation mode.
connection id IPsec tunnel identifier.
encapsulation mode Encapsulation mode, transport or tunnel.
perfect forward secrecy Whether the perfect forward secrecy feature is enabled.
tunnel IPsec tunnel.
local address Local IP address of the IPsec tunnel.
remote address Remote IP address of the IPsec tunnel.
flow Data flow.
sour addr Source IP address of the data flow.
dest addr Destination IP address of the data flow.
port Port number.
protocol Protocol type.
inbound Information of the inbound SA.
spi Security parameter index.
proposal Security protocol and algorithms used by the IPsec proposal.
sa duration Lifetime of the IPsec SA.
sa remaining key duration Remaining lifetime of the SA.
max received sequence-number
Maximum sequence number of the received packets (relevant to the
anti-replay function provided by the security protocol).
udp encapsulation used for nat
traversal
Whether NAT traversal is enabled for the SA.
outbound Information of the outbound SA.
max sent sequence-number
Maximum sequence number of the sent packets (relevant to the
anti-replay function provided by the security protocol).