R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

201

202

203

204

205

206

207

208

209

210

200

Tunnel:

local address:

remote address:

Flow:

Tunnel ID: 1

Status: active

Perfect forward secrecy:

SA's SPI:

outbound: 6000 (0x00001770) [AH]

inbound: 5000 (0x00001388) [AH]

outbound: 8000 (0x00001f40) [ESP]

inbound: 7000 (0x00001b58) [ESP]

Tunnel:

local address: 1.2.3.1

remote address: 2.2.2.2

Flow:

as defined in ACL 3100

# Display information about IPsec tunnel 1.

<Sysname> display ipsec tunnel tunnel-id 1

Tunnel ID: 1

Status: active

Perfect forward secrecy:

SA's SPI:

outbound: 6000 (0x00001770) [AH]

inbound: 5000 (0x00001388) [AH]

outbound: 8000 (0x00001f40) [ESP]

inbound: 7000 (0x00001b58) [ESP]

Tunnel:

local address: 1.2.3.1

remote address: 2.2.2.2

Flow:

as defined in ACL 3100

Table 33 Command output

Field Description

Tunnel ID IPsec ID, used to uniquely identify an IPsec tunnel.

Status IPsec tunnel status. Currently, only active is available.

Perfect Forward Secrecy

Perfect forward secrecy (PFS) used by the IPsec policy for negotiation:

• 768-bit Diffie-Hellman group (dh-group1)

• 1024-bit Diffie-Hellman group (dh-group2)

• 1536-bit Diffie-Hellman group (dh-group5)

• 2048-bit Diffie-Hellman group (dh-group14)

• 2048-bit and 256_bit subgroup Diffie-Hellman group (dh-group24)

SA's SPI SPIs of the inbound and outbound SAs.

Tunnel Local and remote addresses of the IPsec tunnel.