R2511-HP MSR Router Series Security Configuration Guide(V5)

Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface            Link Protocol Main IP         Description
Tun1                 UP   UP       10.1.1.2
# Execute the display ike sa command on Router B. The output shows that both the phase 1 and phase 2 SAs are established.
[RouterB] display ike sa
total phase-1 SAs: 1
connection-id  peer            flag        phase   doi
----------------------------------------------------------
1              1.1.1.2         RD          1       IPSEC
2              1.1.1.2         RD          2       IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY
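The check on the display ike sa output can be scripted. The following Python is an added example, not code from the HP guide: it parses the table and reports any peer that lacks a ready phase 1 or phase 2 SA. The '|' separator for combined flags, the treatment of RL, FD and TO as unhealthy, and peer 2.2.2.2 in the sample are assumptions of this example.

```python
import re

# Constructed sample: the Router B rows from this page plus one made-up
# peer (2.2.2.2) that has only a fading phase-1 SA and no phase-2 SA.
SAMPLE = """\
total phase-1 SAs: 2
connection-id peer flag phase doi
----------------------------------------------------------
1 1.1.1.2 RD 1 IPSEC
2 1.1.1.2 RD 2 IPSEC
3 2.2.2.2 RD|FD 1 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY
"""

# Data row: connection-id, peer, flag, phase, doi.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+([A-Z|]+)\s+([12])\s+(\S+)\s*$")
# Policy assumed by this example: SAs with these flags do not count as healthy.
DEGRADED = {"RL", "FD", "TO"}

def parse_ike_sa(text):
    """Return one dict per SA row; headers, separators and the legend are skipped."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            conn, peer, flag, phase, doi = m.groups()
            # Assumption: combined flags are joined with '|' (for example RD|ST).
            sas.append({"id": int(conn), "peer": peer, "phase": int(phase),
                        "flags": set(flag.split("|")), "doi": doi})
    return sas

def tunnel_health(text):
    """Map each peer to a list of problems; an empty list means both phases are up."""
    by_peer = {}
    for sa in parse_ike_sa(text):
        by_peer.setdefault(sa["peer"], []).append(sa)
    report = {}
    for peer, sas in by_peer.items():
        report[peer] = [
            f"no healthy phase-{phase} SA" for phase in (1, 2)
            if not any(s["phase"] == phase and "RD" in s["flags"]
                       and not s["flags"] & DEGRADED for s in sas)]
    return report

if __name__ == "__main__":
    for peer, problems in tunnel_health(SAMPLE).items():
        print(peer, "OK" if not problems else "; ".join(problems))
```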
# You can also view the IPsec SA information.
[RouterB] display ipsec sa
===============================
Interface: Tunnel1
path MTU: 1443
===============================
-----------------------------
IPsec policy name: "btoa"
sequence number: 1
acl version: None
mode: tunnel
-----------------------------
PFS: N, DH group: none
tunnel:
local address: 1.1.1.1
remote address: 1.1.1.2
flow :
sour addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP
dest addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP
[inbound ESP SAs]
spi: 0x75B6EF44(1974923076)
transform: ESP-ENCRYPT-DES ESP-AUTH-MD5
in use setting: Tunnel
connection id: 1
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843199/3503
anti-replay detection: Enabled
anti-replay window size(counter based): 32
udp encapsulation used for nat traversal: N
[outbound ESP SAs]