R2511-HP MSR Router Series Security Command Reference(V5)
246
Usage guidelines
If you do not specify any parameters or keywords, the command displays brief information about the
current IKE SAs.
Examples
# Display brief information about the current IKE SAs.
<Sysname> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO—TIMEOUT
# Display brief information about IKE SAs and rekey SAs of GDOI type.
<Sysname> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi status
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 GROUP
2 202.38.0.2 RD|RK 1 GROUP
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO—TIMEOUT RK-REKEY
Table 31 Command output
Field Descri
p
tion
total phase-1 SAs Total number of SAs for phase 1.
connection-id Identifier of the ISAKMP SA.
peer Remote IP address of the SA.
flag
Status of the SA:
• RD (READY)—The SA has been established.
• ST (STAYALIVE)—This end is the initiator of the tunnel negotiation.
• RL (REPLACED)—The tunnel has been replaced by a new one and will be deleted
later.
• FD (FADING)—The soft lifetime is over but the tunnel is still in use. The tunnel will
be deleted when the hard lifetime is over.
• TO (TIMEOUT)—The SA has received no keepalive packets after the last
keepalive timeout. If no keepalive packets are received before the next keepalive
timeout, the SA will be deleted.
• RK (REKEY)—The SA is a rekey SA.
phase
The phase the SA belongs to:
• Phase 1—The phase for establishing the ISAKMP SA.
• Phase 2—The phase for negotiating the security service. IPsec SAs are
established in this phase.