4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

221

222

223

224

225

226

227

228

229

230

215

Table 32 Command output

Field Description

Tunnel ID IPsec ID, used to uniquely identify an IPsec tunnel.

Status IPsec tunnel status. Only active is available.

Perfect Forward Secrecy

Perfect forward secrecy (PFS) used by the IPsec policy for negotiation:

• 768-bit Diffie-Hellman group (dh-group1)

• 1024-bit Diffie-Hellman group (dh-group2)

• 1536-bit Diffie-Hellman group (dh-group5)

• 2048-bit Diffie-Hellman group (dh-group14)

• 2048-bit and 256_bit subgroup Diffie-Hellman group (dh-group24)

SA's SPI SPIs of the inbound and outbound SAs.

Tunnel Local and remote addresses of the IPsec tunnel.

local address Local end IP address of the IPsec tunnel.

remote address Remote end IP address of the IPsec tunnel.

Flow

Information about the data flow protected by the IPsec tunnel, including

source IP address, destination IP address, source port, destination port and

protocol.

as defined in ACL 3001

Range of data flow protected by the IPsec tunnel that is established

manually. This information shows that the IPsec tunnel protects all data

flows defined by ACL 3001.

encapsulation-mode

Use encapsulation-mode to set the encapsulation mode that the security protocol uses to encapsulate IP

packets.

Use undo encapsulation-mode to restore the default.

Syntax

encapsulation-mode { transport | tunnel }

undo encapsulation-mode

Default

IP packets are encapsulated in tunnel mode.

Views

IPsec transform set view

Predefined user roles

network-admin

Parameters

transport: Uses the transport mode for IP packet encapsulation.

tunnel: Uses the tunnel mode for IP packet encapsulation.