R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
78
outbound : 675720232 (0x2846ac28) [ESP]
tunnel :
local address: 44.44.44.44
remote address : 44.44.44.45
flow :
as defined in acl 3001
Table 24 Command output
Field Description
connection id Connection ID, used to uniquely identify an IPsec Tunnel
status
Whether the tunnel is in the active or standby state.
This field is displayed only when IPsec stateful failover is enabled.
perfect forward secrecy
Perfect forward secrecy, indicating which DH group is to be used for fast
negotiation mode in IKE phase 2
SA's SPI SPIs of the inbound and outbound SAs
tunnel Local and remote addresses of the tunnel
flow
Data flow protected by the IPsec tunnel, including source IP address,
destination IP address, source port, destination port and protocol
as defined in acl 3001 The IPsec tunnel protects all data flows defined by ACL 3001
encapsulation-mode
Syntax
encapsulation-mode { transport | tunnel }
undo encapsulation-mode
View
IPsec proposal view
Default level
2: System level
Parameters
transport: Uses transport mode.
tunnel: Uses tunnel mode.
Description
Use encapsulation-mode to set the encapsulation mode that the security protocol uses to encapsulate IP
packets.
Use undo encapsulation-mode to restore the default.
By default, a security protocol encapsulates IP packets in tunnel mode.
IPsec for IPv6 routing protocols supports only the transport mode.
Related commands: ipsec proposal.