R3303-HP HSR6800 Routers Security Command Reference
275
Field Description
encapsulation mode
Encapsulation mode for the IPsec profile:
• dvpn—DVPN tunnel mode.
• tunnel—IPsec tunnel mode.
security data flow
ACL referenced by the IPsec profile.
As an IPsec profile does not reference any ACL, no information is
displayed for this field.
ike-peer name IKE peer referenced by the IPsec profile.
PFS Whether perfect forward secrecy is enabled.
DH group Used DH group. Its value can be 1, 2, 5, or 14.
transport-set name IPsec transform set referenced by the IPsec profile.
IPsec sa local duration(time based) Time-based SA lifetime at the local end.
IPsec sa local duration(traffic based) Traffic-based SA lifetime at the local end.
policy enable Whether the IPsec policy is enabled.
tfc enable Whether TFC padding is enabled.
Related commands
ipsec profile
display ipsec sa
Use display ipsec sa to display information about IPsec SAs.
Syntax
display ipsec sa [ brief | policy policy-name [ seq-number ] | remote [ ipv6 ] ip-address ] [ | { begin |
exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
brief: Displays brief information about all IPsec SAs.
policy: Displays detailed information about IPsec SAs created by using a specific IPsec policy.
policy-name: Specifies the name of the IPsec policy, a string 1 to 15 characters.
seq-number: Specifies the sequence number of the IPsec policy, in the range of 1 to 65535.
remote: Displays detailed information about the IPsec SA with a specific remote address.
ipv6: Specifies an IPv6 address.
ip-address: Specifies the remote IP address.
|: Filters command output by specifying a regular expression. For more information about regular
expressions, see Fundamentals Configuration Guide.