R3166-R3206-HP High-End Firewalls VPN Command Reference-6PW101
14
Field Description
authentication algorithm Authentication algorithm used by the IKE proposal
encryption algorithm Encryption algorithm used by the IKE proposal
Diffie-Hellman group DH group used in IKE negotiation phase 1
duration (seconds) ISAKMP SA lifetime of the IKE proposal in seconds
display ike sa
Syntax
display ike sa [ verbose [ connection-id connection-id | remote-address remote-address ] ]
View
Any view
Default level
1: Monitor level
Parameters
verbose: Displays detailed information.
connection-id: Displays detailed information about IKE SAs by connection ID, in the range 1 to
2000000000.
remote-address: Displays detailed information about IKE SAs by remote address.
Description
Use the display ike sa command to display information about the current IKE SAs.
If you do not specify any parameters or keywords, the command displays brief information about the
current IKE SAs.
Related commands: ike proposal and ike peer.
Examples
# Display brief information about the current IKE SAs.
<Sysname> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO—TIMEOUT
Table 5 Output description
Field Description
total phase-1 SAs Total number of SAs for phase 1
connection-id Identifier of the ISAKMP SA
peer Remote IP address of the SA