4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

211

212

213

214

215

216

217

218

219

220

207

Usage guidelines

If you do not specify any parameters, this command displays information about all IPsec SAs.

Examples

# Display brief information about IPsec SAs.

<Sysname> display ipsec sa brief

-----------------------------------------------------------------------

Interface/Global Dst Address SPI Protocol Status

-----------------------------------------------------------------------

Eth0/1 10.1.1.1 400 ESP active

Eth0/1 255.255.255.255 4294967295 ESP active

Eth0/1 100::1/64 500 AH active

global -- 600 ESP active

Table 27 Command output

Field Descri

tion

Interface/Global

Interface where the IPsec SA belongs to or global IPsec SA (created by using an IPsec

profile).

Dst Address

Remote end IP address of the IPsec tunnel.

For the IPsec SAs created by using IPsec profiles, "–" is displayed in this field.

SPI IPsec SA SPI.

Protocol Security protocol used by IPsec.

Status

Stateful failover status of the IPsec SA: active or backup.

In standalone mode, "–" is displayed in this field.

# Display the number of IPsec SAs.

<Sysname> display ipsec sa count

Total IPsec SAs count: 4

# Display information about all IPsec SAs.

<Sysname> display ipsec sa

-------------------------------

Interface: Ethernet1/1

-------------------------------

-----------------------------

IPsec policy: r2

Sequence number: 1

Mode: isakmp

-----------------------------

Tunnel id: 3

Encapsulation mode: tunnel

Perfect Forward Secrecy:

Path MTU: 1443

Tunnel:

local address: 2.2.2.2

remote address: 1.1.1.2