R2511-HP MSR Router Series Security Configuration Guide(V5)
489
spi: 0x640321A(104870426)
transform: ESP-ENCRYPT-AES-128 ESP-AUTH-SHA1
in use setting: Transport
connection id: 330
sa duration (kilobytes/sec): 0/900
sa remaining duration (kilobytes/sec): 0/851
anti-replay detection: Disabled
The output shows that two groups of IPsec SAs have been generated on GM 1 for secure communication
with other group members.
# Execute the display gdoi gm command to display the registration information on GM 1.
[GM1] display gdoi gm
Group Name: 1
Group Identity : 12345
Rekeys Received : 129
IPsec SA Direction : Both
Group Server List : 100.1.1.100
Group Member : 1.1.1.1
Registration status : Registered
Registered with : 100.1.1.100
Re-register in : 81 sec
Succeeded registrations : 1
Attempted registrations : 1
Last rekey from : 100.1.1.100
Last rekey seq num : 1
Multicast rekeys received: 0
Allowable rekey cipher : Any
Allowable rekey hash : Any
Allowable transform : Any
Rekeys Cumulative
Total received : 129
After latest registration: 129
Rekey received (hh:mm:ss): 00:00:57
ACL Downloaded From KS 100.1.1.100:
rule 0 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
rule 1 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
rule 2 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.3.0 0.0.0.255
rule 3 permit ip source 10.1.3.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
KEK Policy:
Rekey transport type : Multicast
Lifetime (sec) : 243
Encrypt algorithm : AES