R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101

Table 22 Command output

Field Description

Interface Interface referencing the IPsec policy.

path MTU Maximum IP packet length supported by the interface.

Protocol Name of the protocol to which the IPsec policy is applied.

IPsec policy name Name of IPsec policy used.

sequence number Sequence number of the IPsec policy.

mode IPsec negotiation mode.

connection id IPsec tunnel identifier.

encapsulation mode Encapsulation mode, transport or tunnel.

perfect forward secrecy Whether the perfect forward secrecy feature is enabled.

tunnel IPsec tunnel.

local address Local IP address of the IPsec tunnel.

remote address Remote IP address of the IPsec tunnel.

flow Data flow.

sour addr Source IP address of the data flow.

dest addr Destination IP address of the data flow.

port Port number.

protocol Protocol type.

inbound Information of the inbound SA.

spi Security parameter index.

proposal Security protocol and algorithms used by the IPsec proposal.

sa duration Lifetime of the IPsec SA.

sa remaining key duration Remaining lifetime of the SA.

max received sequence-number

Maximum sequence number of the received packets (relevant to the

anti-replay function provided by the security protocol).

udp encapsulation used for nat

traversal

Whether NAT traversal is enabled for the SA.

outbound Information of the outbound SA.

max sent sequence-number

Maximum sequence number of the sent packets (relevant to the

anti-replay function provided by the security protocol).

anti-replay check enable Whether IPsec anti-replay checking is enabled.

anti-replay window size Size of the anti-replay window.

status

Whether the SA is in the active or standby state.

This field is displayed only when IPsec stateful failover is enabled.