connection-id peer flag phase doi status
----------------------------------------------------------------------------
658 100.1.1.100 RD|ST 1 GROUP --
659 100.1.1.100 RD|RK 1 GROUP --
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY
The output shows the IKE SA and the rekey SA generated after IKE negotiation. The SA whose
connection-id is 658 is the IKE SA, and the SA whose connection-id is 659 is the rekey SA.
# Execute the display ipsec sa command on GM 1 to display IPsec SAs.
[GM1] display ipsec sa
===============================
Interface: Ethernet1/1
path MTU: 1500
===============================
-----------------------------
IPsec policy name: "map"
sequence number: 1
mode: gdoi
-----------------------------
PFS: N, DH group: none
tunnel:
local address: 1.1.1.1
remote address: 0.0.0.0
flow:
sour addr: 10.1.1.0/255.255.255.0 port: 0 protocol: IP
dest addr: 10.1.2.0/255.255.255.0 port: 0 protocol: IP
current outbound spi: 0xDB865076(3683012726)
[inbound ESP SAs]
spi: 0xDB865076(3683012726)
transform: ESP-ENCRYPT-AES-128 ESP-AUTH-SHA1
in use setting: Transport
connection id: 317
sa duration (kilobytes/sec): 0/900
sa remaining duration (kilobytes/sec): 0/63
anti-replay detection: Disabled
spi: 0x640321A(104870426)
transform: ESP-ENCRYPT-AES-128 ESP-AUTH-SHA1
in use setting: Transport
connection id: 325
sa duration (kilobytes/sec): 0/900
sa remaining duration (kilobytes/sec): 0/853
anti-replay detection: Disabled