R3303-HP HSR6800 Routers Security Command Reference
325
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO--TIMEOUT RK-REKEY
Table 49 Command output
Field Descri
p
tion
total phase-1 SAs Total number of SAs for phase 1.
connection-id Identifier of the ISAKMP SA.
peer Remote IP address of the SA.
flag
Status of the SA:
• RD (READY)—The SA has been established.
• ST (STAYALIVE)—This end is the initiator of the tunnel negotiation.
• RL (REPLACED)—The tunnel has been replaced by a new one and will be deleted
later.
• FD (FADING)—The soft lifetime is over but the tunnel is still in use. The tunnel will
be deleted when the hard lifetime is over.
• TO (TIMEOUT)—The SA has received no keepalive packets after the last
keepalive timeout. If no keepalive packets are received before the next keepalive
timeout, the SA will be deleted.
• RK (REKEY)—The SA is a re-negotiated SA.
phase
The phase the SA belongs to:
• Phase 1—The phase for establishing the ISAKMP SA.
• Phase 2—The phase for negotiating the security service. IPsec SAs are
established in this phase.
doi
Interpretation domain to which the SA belongs:
• IPSEC—IKE is used for negotiation.
• GROUP—GDOI is used for negotiation.
# Display detailed information about the current IKE SAs.
<Sysname> display ike sa verbose
---------------------------------------------
vpn-instance: 1
transmitting entity: initiator
---------------------------------------------
local id type: IPV4_ADDR
local id: 4.4.4.4
remote id type: IPV4_ADDR
remote id: 4.4.4.5
local ip: 4.4.4.4
remote ip: 4.4.4.5
connection id: 2
authentication-method: PRE-SHARED-KEY
authentication-algorithm: HASH-SHA1