R21xx-HP FlexFabric 11900 Security Command Reference
199
count: Displays the number of IPsec tunnels.
tunnel-id tunnel-id: Specifies an IPsec tunnel by its ID. The value range is 0 to 4294967295.
Usage guidelines
IPsec is a Layer 3 VPN technology that transmits data in a secure channel established between two
endpoints (such as two security gateways). Such a secure channel is usually called an IPsec tunnel.
Examples
# Display brief information about all IPsec tunnels.
<Sysname> display ipsec tunnel brief
----------------------------------------------------------------------------
Tunn-id Src Address Dst Address Inbound SPI Outbound SPI Status
----------------------------------------------------------------------------
0 -- -- 1000 2000 active
3000 4000
1 1.2.3.1 2.2.2.2 5000 6000 active
7000 8000
Table 32 Command output
Field Descri
p
tion
Src Address
Source IP address of the IPsec tunnel.
For IPsec SAs created by using IPsec profiles, "–" is displayed in this field.
Dst Address
Destination IP address of the IPsec tunnel.
For IPsec SAs created by using IPsec profiles, "–" is displayed in this field.
Inbound SPI
Valid SPI in the inbound direction of the IPsec tunnel.
If the tunnel uses two security protocols, two SPIs in the inbound direction are
displayed in two lines.
Outbound SPI
Valid SPI in the outbound direction of the IPsec tunnel.
If the tunnel uses two security protocols, two SPIs in the outbound direction are
displayed in two lines.
Status
Stateful failover status of the IPsec SA: active or backup.
Currently, "active" is displayed for all cases.
# Display the number of IPsec tunnels.
<Sysname> display ipsec tunnel count
Total IPsec Tunnel Count: 2
# Display information about all IPsec tunnels.
<Sysname> display ipsec tunnel
Tunnel ID: 0
Status: active
Perfect forward secrecy:
SA's SPI:
outbound: 2000 (0x000007d0) [AH]
inbound: 1000 (0x000003e8) [AH]
outbound: 4000 (0x00000fa0) [ESP]
inbound: 3000 (0x00000bb8) [ESP]