HP VPN Firewall Appliances VPN Command Reference
32
• dh
• sa duration
display ike sa
Use display ike sa to display information about the current IKE SAs.
Syntax
display ike sa [ active | standby | verbose [ connection-id connection-id | remote-address
remote-address ] ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
active: Displays the summary of active IKE SAs in an IPsec stateful failover scenario.
standby: Displays the summary of standby IKE SAs in an IPsec stateful failover scenario.
verbose: Displays detailed information.
connection-id connection-id: Displays detailed information about IKE SAs by connection ID, in the range
1 to 2000000000.
remote: Displays detailed information about IKE SAs with a specified remote address.
ip-address: Remote address.
|: Filters command output by specifying a regular expression. For more information about regular
expressions, see Getting Started Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines
If you do not specify any parameters or keywords, the command displays brief information about the
current IKE SAs.
Examples
# Display brief information about the current IKE SAs.
<Sysname> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO—TIMEOUT