R0106-HP MSR Router Series Security Command Reference(V7)
354
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed information.
connection-id connection-id: Displays detailed information about IKE SAs by connection ID in the range
of 1 to 2000000000.
remote-address: Displays detailed information about IKE SAs with the specified remote address.
ipv6: Specifies an IPv6 address.
remote-address: Remote IP address.
vpn-instance vpn-name: Displays detailed information about IKE SAs in an MPLS L3VPN. The vpn-name
argument is a case-sensitive string of 1 to 31 characters. To display information about IKE SAs on the
public network, do not specify this parameter.
Usage guidelines
If you do not specify any parameters, the command displays a summary about all IKE SAs.
Examples
# Display information about the current IKE SAs.
<Sysname> display ike sa
Connection-ID Remote Flag DOI
----------------------------------------------------------
1 202.38.0.2 RD IPSEC
Flags:
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING
Table 46 Command output
Field Descri
p
tion
Connection-ID Identifier of the IKE SA.
Remote Remote IP address of the SA.
Flags
Status of the SA:
• RD (READY)—The SA has been established.
• ST (STAYALIVE)—This end is the initiator of the tunnel negotiation.
• RL (REPLACED)—The SA has been replaced by a new one and will be deleted later.
• FD (FADING)—The SA is in use, but it is about to expire and will be deleted soon.
• Unknown—The SA status is unknown.
DOI Interpretation domain to which the SA belongs.
# Display detailed information about the current IKE SAs.
<Sysname> display ike sa verbose
---------------------------------------------
Connection ID: 2
Outside VPN: 1
Inside VPN: 1