Command Reference Guide
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 6 IKE Configuration Commands
3Com Corporation
6-8
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO-TIMEOUT
The descriptions of the items displayed are listed in the following table.
Table 6-3 Description on the fields of the display ike sa command
Field Description
total phase-1 SAs
Total number of SAs in the first phase of
IKE negotiation
connection-id Security tunnel ID
peer Remote IP address of this SA
flag
Display the status of this SA
RD (READY) means this SA has been
established successfully
ST (STAYALIVE) means that SA
duration is negotiated, and this SA will
be refreshed in fixed interval.
RL (REPLACED) means that this SA
has been replaced by a new one, and
will be automatically deleted after a
period of time.
FD (FADING) means this SA has been
soft timeout, but is still in use, and will be
deleted at the time of hard timeout.
TO (TIMEOUT) means this SA have not
received any keepalive packet after
previous keepalive timeout occurred. If
this SA receives no keepalive packet till
next keepalive timeout occurs, this SA
will be deleted.
phase
Phase of the SA:
Phase 1: a phase of establishing
security tunnel to communicate,
ISAKMP SA will be established in the
phase;
Phase 2: a phase of negotiating security
service, IPSec SA will be established in
the phase.
doi Domain of Interpretation
6.1.8 encryption-algorithm
Syntax
encryption-algorithm { des-cbc | 3des-cbc | aes-cbc [ 128 |192 |256 ] }