3Com Switch 8800 Family IPsec Module Configuration and Command Reference Guide

IKE Configuration Commands
View
Any view
Parameter
verbose: Displays details about IKE SAs.
connection-id id: Displays connection IDs of IKE SAs.
remote-address ip-address: Displays peer IP addresses of IKE SAs.
Description
Use the display ike sa command to view the current security tunnels established
by IKE.
Related command: ike proposal.
Example
# View the security tunnels established by IKE.
[SecBlade_VPN] display ike sa
conn-id  peer        flag   phase  doi
1        202.38.0.2  RD|ST  1      IPSEC
2        202.38.0.2  RD|ST  2      IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FD-FADING TO-TIMEOUT
The descriptions of the items displayed are listed in the following table.
Table 278 Description of the fields of the display ike sa command

Field     Description
conn-id   Security channel ID
peer      Remote IP address of this SA
flag      Status of this SA:
          RD (READY) means this SA has been established successfully.
          ST (STAYALIVE) means that the SA duration is negotiated, and this SA
          will be refreshed at a fixed interval.
          RL (REPLACED) means that this SA has been replaced by a new one, and
          will be automatically deleted after a period of time.
          FD (FADING) means this SA has reached its soft timeout but is still
          in use, and will be deleted at the time of the hard timeout.
          TO (TIMEOUT) means this SA has not received any keepalive packet
          after the previous keepalive timeout occurred. If this SA receives
          no keepalive packet before the next keepalive timeout occurs, it
          will be deleted.
phase     Phase of the SA:
          Phase 1: the phase that establishes a security channel for
          communication; the ISAKMP SA is established in this phase.
          Phase 2: the phase that negotiates the security service; the IPsec
          SA is established in this phase.
doi       Domain of Interpretation
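
The following is an added example, not part of the 3Com guide or its software: a Python parser for captured display ike sa output that reports SAs in the RL, FD or TO states and peers that have a READY phase 1 SA but no READY phase 2 SA. It assumes every SA row has the five whitespace-separated columns shown above; treating RL, FD and TO as the states to report is also an assumption, and sample rows 3 to 5 are constructed.

```python
import re

# Flag codes and meanings, taken from the field description table above.
FLAGS = {"RD": "READY", "ST": "STAYALIVE", "RL": "REPLACED",
         "FD": "FADING", "TO": "TIMEOUT"}
DEGRADED = {"RL", "FD", "TO"}  # assumption: states worth an operator's attention

# conn-id, peer, flag, phase, doi: five whitespace-separated columns (assumed).
ROW = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([12])\s+(\S+)\s*$")

# Constructed sample: rows 1-2 are the guide's example, rows 3-5 are invented.
SAMPLE = """\
[SecBlade_VPN] display ike sa
conn-id peer flag phase doi
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
3 192.0.2.10 RD|TO 1 IPSEC
4 198.51.100.7 RD 1 IPSEC
5 198.51.100.7 FD 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FD-FADING TO-TIMEOUT
"""

def parse_ike_sa(text):
    """Return one dict per SA row; header, prompt and legend lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        conn_id, peer, flag, phase, doi = m.groups()
        flags = flag.split("|")
        unknown = [f for f in flags if f not in FLAGS]
        if unknown:  # fail loudly rather than treat an unknown state as healthy
            raise ValueError(f"conn {conn_id}: unknown flag(s) {unknown}")
        sas.append({"conn_id": int(conn_id), "peer": peer, "flags": flags,
                    "phase": int(phase), "doi": doi})
    return sas

def audit(sas):
    """List SAs in a degraded state and peers with phase 1 but no phase 2."""
    findings = [f"conn {s['conn_id']} peer {s['peer']} phase {s['phase']}: "
                + ",".join(FLAGS[f] for f in s["flags"] if f in DEGRADED)
                for s in sas if DEGRADED & set(s["flags"])]
    ready = lambda p: {s["peer"] for s in sas if s["phase"] == p and "RD" in s["flags"]}
    findings += [f"peer {p}: phase 1 READY but no READY phase 2 SA"
                 for p in sorted(ready(1) - ready(2))]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_ike_sa(SAMPLE))))
```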