R21xx-HP FlexFabric 11900 Security Command Reference
236
network-operator
Parameters
verbose: Displays detailed information.
connection-id connection-id: Displays detailed information about IKE SAs by connection ID, in the range
1 to 2000000000.
remote-address: Displays detailed information about IKE SAs with the specified remote address.
ipv6: Specifies an IPv6 address.
remote-address: Remote IP address.
vpn-instance vpn-name: Displays detailed information about IKE SAs in an MPLS L3VPN. The vpn-name
argument is a case-sensitive string of 1 to 31 characters. To display information about IKE SAs on the
public network, do not specify this parameter.
Usage guidelines
If you do not specify any parameter, the command displays summary about all IKE SAs.
Examples
# display information about the current IKE SAs.
<Sysname> display ike sa
Connection-ID Remote Flag DOI
----------------------------------------------------------
1 202.38.0.2 RD IPSEC
Flags:
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING
Table 35 Command output
Field Descri
p
tion
Connection-ID Identifier of the IKE SA.
Remote Remote IP address of the SA.
Flags
Status of the SA:
• RD (READY)—The SA has been established.
• RL (REPLACED)—The tunnel has been replaced by a new one and will be deleted later.
• ST (STAYALIVE)—This end is the initiator of the tunnel negotiation.
• FD (FADING)—The soft lifetime is over but the tunnel is still in use. The tunnel will be
deleted when the hard lifetime is over.
DOI Interpretation domain the SA belongs to.
# Display detailed information about the current IKE SAs.
<Sysname> display ike sa verbose
---------------------------------------------
Connection ID: 2
Outside VPN: 1
Inside VPN: 1
Profile: prof1
Transmitting entity: Initiator
---------------------------------------------