R2511-HP MSR Router Series Security Command Reference(V5)
189
===========================================
-----------------------------
IPsec profile name: "btoa"
mode: tunnel
-----------------------------
encapsulation mode: tunnel
security data flow :
ike-peer name: btoa
PFS: N
transform-set name: method1
synchronization inbound anti-replay-interval: 1000 packets
synchronization outbound anti-replay-interval: 10000 packets
IPsec sa local duration(time based): 3600 seconds
IPsec sa local duration(traffic based): 1843200 kilobytes
policy enable: True
tfc enable: False
Table 21 Command output
Field Description
Interface Interface that references the IPsec profile.
mode
Encapsulation mode for the IPsec profile:
• dvpn—DVPN tunnel mode.
• tunnel—IPsec tunnel mode.
encapsulation mode Mode in which IPsec encapsulates IP packets: tunnel or transport.
security data flow
ACL referenced by the IPsec profile.
Because an IPsec profile does not reference any ACL, this field is
blank.
ike-peer name IKE peer referenced by the IPsec profile.
synchronization inbound
anti-replay-interval
Interval at which the inbound anti-replay window is
synchronized. It is expressed in the number of received packets.
synchronization outbound
anti-replay-interval
Interval at which the outbound anti-replay sequence number is
synchronized. It is expressed in the number of sent packets.
PFS Whether the PFS feature is used.
DH group Used DH group, whose value can be 1, 2, 5, or 14.
transport-set name IPsec transform set referenced by the IPsec profile.
IPsec sa local duration(time based) Time-based SA lifetime at the local end.
IPsec sa local duration(traffic based) Traffic-based SA lifetime at the local end.
policy enable Whether the IPsec policy is enabled.
tfc enable Whether the TFC padding function is enabled or not.
Related commands
ipsec profile