307
Interface/Global Dst Address SPI Protocol Status
-----------------------------------------------------------------------
GE2/1/1 10.1.1.1 400 ESP active
GE2/1/1 255.255.255.255 4294967295 ESP active
GE2/1/1 100::1/64 500 AH active
global -- 600 ESP active
Table 39 Command output
Field Descri
tion
Interface/Global
Interface where the IPsec SA belongs to or global IPsec SA (created by using an IPsec
profile).
Dst Address
Remote end IP address of the IPsec tunnel.
For the IPsec SAs created by using IPsec profiles, this field displays two hyphens (--).
SPI IPsec SA SPI.
Protocol Security protocol used by IPsec.
Status
Stateful failover status of the IPsec SA: active or backup.
In standalone mode, this field displays two hyphens (--).
# Display the number of IPsec SAs.
<Sysname> display ipsec sa count
Total IPsec SAs count: 4
# Display information about all IPsec SAs.
<Sysname> display ipsec sa
-------------------------------
Interface: GigabitEthernet2/1/1
-------------------------------
-----------------------------
IPsec policy: r2
Sequence number: 1
Mode: isakmp
-----------------------------
Tunnel id: 3
Encapsulation mode: tunnel
Perfect Forward Secrecy:
Path MTU: 1443
Tunnel:
local address: 2.2.2.2
remote address: 1.1.1.2
Flow:
sour addr: 192.168.2.0/255.255.255.0 port: 0 protocol: IP
dest addr: 192.168.1.0/255.255.255.0 port: 0 protocol: IP
[Inbound ESP SAs]
SPI: 3564837569 (0xd47b1ac1)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
To Next Page
Loading...
