R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
72
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display ipsec sa to display information about IPsec SAs.
If you do not specify any parameters, the command displays information about all IPsec SAs.
Related commands: reset ipsec sa and ipsec sa global-duration.
Examples
# Display brief information about all IPsec SAs.
<Sysname> display ipsec sa brief
Src Address Dst Address SPI Protocol Algorithm
--------------------------------------------------------
10.1.1.1 10.1.1.2 300 ESP E:DES;
A:HMAC-MD5-96
10.1.1.2 10.1.1.1 400 ESP E:DES;
A:HMAC-MD5-96
Table 21 Command output
Field Description
Src Address Local IP address
Dst Address Remote IP address
SPI Security parameter index
Protocol Security protocol used by IPsec
Algorithm
Authentication algorithm and encryption algorithm used by the security protocol,
where E indicates the encryption algorithm and A indicates the authentication
algorithm. A value of NULL means that type of algorithm is not specified.
# Display detailed information about all IPsec SAs.
<Sysname> display ipsec sa
===============================
Interface: GigabitEthernet0/1
path MTU: 1500
===============================
-----------------------------
IPsec policy name: "r2"
sequence number: 1
mode: isakmp
-----------------------------
connection id: 3
encapsulation mode: tunnel
perfect forward secrecy:
tunnel:
local address: 2.2.2.2
remote address: 1.1.1.2
flow:
sour addr: 192.168.2.0/255.255.255.0 port: 0 protocol: IP