Manualshelf

3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
371372373374375376377378379380
372 CHAPTER 22: IPSEC CONFIGURATION COMMANDS
proposal: AH-SHA1HMAC96
sa remaining key duration (bytes/sec): 1887436256/3594
max received sequence-number: 4
udp encapsulation used for nat traversal: N
[inbound ESP SAs]
spi: 2673492781 (0x9f5a432d)
proposal: ESP-ENCRYPT-3DES ESP-AUTH-MD5
sa remaining key duration (bytes/sec): 1887436448/3594
max received sequence-number: 4
udp encapsulation used for nat traversal: N
[outbound ESP SAs]
spi: 1109683945 (0x42246ee9)
proposal: ESP-ENCRYPT-3DES ESP-AUTH-MD5
sa remaining key duration (bytes/sec): 1887436256/3594
max sent sequence-number: 5
udp encapsulation used for nat traversal: N
[outbound AH SAs]
spi: 3969283528 (0xec9675c8)
proposal: AH-SHA1HMAC96
sa remaining key duration (bytes/sec): 1887436160/3594
max sent sequence-number: 5
udp encapsulation used for nat traversal: N
Tabl e 275 Description on the fields of the display ipsec sa command
Field Description
Interface Interface using IPsec policy
path MTU Maximum IP packet length sent from the interface
IPsec policy IPsec policy used, including name, sequence number and
negotiation method
Created by Encrypt-card" indicates that the data is encrypted by encryption
card; "Host" indicates that the data is encrypted by software.
connection id security channel identifier
encapsulation mode IPsec mode, including two types: transport mode and tunnel mode
perfect forward secrecy Whether the perfect forward secrecy (PFC) feature is enabled
tunnel local local IP address
tunnel remote remote IP address
sour addr Source address of the ACL referenced by the IPsec policy
dest addr Destination address of the ACL referenced by the IPsec policy
inbound SA information of the inbound end
transform proposal used by the IPsec policy
sa remaining key duration rest sa duration of SA
max received
sequence-number
maximum sequence number of the received packets (the
anti-replay function provided by the security protocol)
udp encapsulation used
for nat traversal
Whether IKE NAT traversal is used
outbound SA information of the outbound end
max sent
sequence-number
maximum sequence number of the sent packets (the anti-replay
function provided by the security protocol)