4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router

261

262

263

264

265

266

267

268

269

270

256

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information.

connection-id connection-id: Displays detailed information about IKE SAs by connection ID, in the range

of 1 to 2000000000.

remote-address: Displays detailed information about IKE SAs with the specified remote address.

ipv6: Specifies an IPv6 address.

remote-address: Remote IP address.

vpn-instance vpn-name: Displays detailed information about IKE SAs in an MPLS L3VPN. The vpn-name

argument is a case-sensitive string of 1 to 31 characters. To display information about IKE SAs on the

public network, do not specify this parameter.

Usage guidelines

If you do not specify any parameter, the command displays a summary about all IKE SAs.

Examples

# Display information about the current IKE SAs.

<Sysname> display ike sa

Connection-ID Remote Flag DOI

----------------------------------------------------------

1 202.38.0.2 RD IPSEC

Flags:

RD--READY ST--STAYALIVE RL--REPLACED FD—FADING

Table 34 Command output

Field Descri

tion

Connection-ID Identifier of the IKE SA.

Remote Remote IP address of the SA.

Flags

Status of the SA:

• RD (READY)—The SA has been established.

• ST (STAYALIVE)—This end is the initiator of the tunnel negotiation.

• RL (REPLACED)—The tunnel has been replaced by a new one and will be deleted later.

• FD (FADING)—The IKE SA is in use, but it is about to expire and will be deleted soon.

• Unknown—The SA state is unknown.

DOI Interpretation domain to which the SA belongs.

# Display detailed information about the current IKE SAs.

<Sysname> display ike sa verbose

---------------------------------------------

Connection ID: 2

Outside VPN: 1

Inside VPN: 1