3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
IPsec Configuration Commands 371
Information of all the SAs will be shown when no parameter is specified.
Related command: reset ipsec sa, ipsec sa duration, display ipsec sa and
display ipsec policy.
Example
# View brief information about all the SAs.
<SecBlade_VPN> display ipsec sa brief
Src Address Dst Address SPI Protocol Algorithm
10.1.1.1 10.1.1.2 300 ESP E:DES; A:HMAC-MD5-96
10.1.1.2 10.1.1.1 400 ESP E:DES; A:HMAC-MD5-96
# View the global duration of SA.
[SecBlade_VPN] display ipsec sa duration
Ipsec sa global duration (traffic based): 1843200 kilobytes
Ipsec sa global duration (time based): 3600 seconds
# View information of all the SAs.
[SecBlade_VPN] display ipsec sa
===============================
Interface: GigabitEthernet0/0.1
path MTU: 1500
===============================
-----------------------------
IPsec policy name: "1"
sequence number: 1
mode: isakmp
-----------------------------
Created by: "Encrypt-card"
connection id: 5
encapsulation mode: tunnel
perfect forward secrecy: None
tunnel:
local address: 2.1.1.1
remote address: 2.1.1.3
flow: (8 times matched)
sour addr: 192.168.1.0/255.255.255.0 port: 0 protocol: IP
dest addr: 10.1.1.0/255.255.255.0 port: 0 protocol: IP
[inbound AH SAs]
spi: 1369228154 (0x519cc37a)
Tab le 274 Brief information of IPsec SA
Field Description
Src Address Local IP address
Dst Address Remote Ip address
SPI security parameter index
Protocol security protocol used by IPsec
Algorithm The authentication algorithm and encryption algorithm used by the security
protocol. A display beginning with "E" in the algorithm stands for the
encryption algorithm, and a display beginning with "A" stands for the
authentication algorithm.