F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
195
Link: ADM - administratively down; Stby – standby
Protocol: (s) – spoofing
Interface Link Protocol Main IP Description
Tun1 UP UP 10.1.1.2
# Execute the display ike sa command on Firewall B. You can see that the SAs of two phases are
established.
[FirewallB] display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
2 1.1.1.2 RD 2 IPSEC
1 1.1.1.2 RD 1 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO—TIMEOUT
# View the IPsec SA information on Firewall B.
[FirewallB] display ipsec sa
===============================
Interface: Tunnel1
path MTU: 1443
===============================
-----------------------------
IPsec policy name: "btoa"
mode: tunnel
-----------------------------
connection id: 3
encapsulation mode: tunnel
perfect forward secrecy:
tunnel:
local address: 1.1.1.1
remote address: 1.1.1.2
flow :
sour addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP
dest addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP
[inbound ESP SAs]
spi: 1974923076 (0x75b6ef44)
transform-set: ESP-ENCRYPT-DES ESP-AUTH-MD5
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843199/3503
max sequence-number received: 5
anti-replay check enable: Y
anti-replay window size: 32
udp encapsulation used for nat traversal: N
[outbound ESP SAs]
spi: 2364632148 (0x8cf16c54)