Setup guide
lifebytes (read-only: integer) - soft/hard expiration threshold for amount of processed data
current-addtime (read-only: text) - time when this SA was installed
current-usetime (read-only: text) - time when this SA was first used
current-bytes (read-only: integer) - amount of data processed by this SA's crypto algorithms
Example
Sample printout looks as follows:
[admin@WiFi] ip ipsec> installed-sa print
Flags: A - AH, E - ESP, P - pfs, M - manual
0 E spi=E727605 direction=in src-address=10.0.0.148
dst-address=10.0.0.147 auth-algorithm=sha1 enc-algorithm=3des
replay=4 state=mature
auth-key="ecc5f4aee1b297739ec88e324d7cfb8594aa6c35"
enc-key="d6943b8ea582582e449bde085c9471ab0b209783c9eb4bbd"
add-lifetime=24m/30m use-lifetime=0s/0s lifebytes=0/0
current-addtime=jan/28/2003 20:55:12
current-usetime=jan/28/2003 20:55:23 current-bytes=128
1 E spi=E15CEE06 direction=out src-address=10.0.0.147
dst-address=10.0.0.148 auth-algorithm=sha1 enc-algorithm=3des
replay=4 state=mature
auth-key="8ac9dc7ecebfed9cd1030ae3b07b32e8e5cb98af"
enc-key="8a8073a7afd0f74518c10438a0023e64cc660ed69845ca3c"
add-lifetime=24m/30m use-lifetime=0s/0s lifebytes=0/0
current-addtime=jan/28/2003 20:55:12
current-usetime=jan/28/2003 20:55:12 current-bytes=512
[admin@WiFi] ip ipsec>
Flushing Installed SA Table
Command name: /ip ipsec installed-sa flush
Description
Sometimes after incorrect/incomplete negotiations took place, it is required to flush manually the
installed SA table so that SA could be renegotiated. This option is provided by the flush command.
Property Description
sa-type (multiple choice: ah | all | esp; default: all) - specifies SA types to flush
• ah - delete AH protocol SAs only
• esp - delete ESP protocol SAs only
• all - delete both ESP and AH protocols SAs
Example
To flush all the SAs installed:
[admin@Wandy] ip ipsec installed-sa> flush
[admin@Wandy] ip ipsec installed-sa> print
[admin@Wandy] ip ipsec installed-sa>
Counters