HPE FlexNetwork MSR Series

To Next Page

To Previous Page

475

connection-id peer flag phase doi status

----------------------------------------------------------------------------

658 100.1.1.100 RD|ST 1 GROUP --

659 100.1.1.100 RD|RK 1 GROUP --

flag meaning

RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY

The output shows the IKE SA and rekey SA generated after IKE negotiation. The SA with

connection-id of 658 is the IKE SA, and the SA with connection-id of 659 is the rekey SA.

# Execute the display ipsec sa command on GM 1 to display IPsec SAs.

[GM1] display ipsec sa

===============================

Interface: Ethernet1/1

path MTU: 1500

===============================

-----------------------------

IPsec policy name: "map"

sequence number: 1

mode: gdoi

-----------------------------

PFS: N, DH group: none

tunnel:

local address: 1.1.1.1

remote address: 0.0.0.0

flow:

sour addr: 10.1.1.0/255.255.255.0 port: 0 protocol: IP

dest addr: 10.1.2.0/255.255.255.0 port: 0 protocol: IP

current outbound spi: 0xDB865076(3683012726)

[inbound ESP SAs]

spi: 0xDB865076(3683012726)

transform: ESP-ENCRYPT-AES-128 ESP-AUTH-SHA1

in use setting: Transport

connection id: 317

sa duration (kilobytes/sec): 0/900

sa remaining duration (kilobytes/sec): 0/63

anti-replay detection: Disabled

spi: 0x640321A(104870426)

transform: ESP-ENCRYPT-AES-128 ESP-AUTH-SHA1

in use setting: Transport

connection id: 325

sa duration (kilobytes/sec): 0/900

sa remaining duration (kilobytes/sec): 0/853

anti-replay detection: Disabled

Main Page

HPE FlexNetwork MSR Series

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Related product manuals