HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

191

192

193

194

195

196

197

198

199

200

190

total phase-1 SAs: 1

connection-id peer flag phase doi

----------------------------------------------------------

2 1.1.1.2 RD 2 IPSEC

1 1.1.1.2 RD 1 IPSEC

flag meaning

RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO—TIMEOUT

# Display the IPsec SA information on Firewall B.

[FirewallB] display ipsec sa

===============================

Interface: Tunnel1

path MTU: 1443

===============================

-----------------------------

IPsec policy name: "btoa"

mode: tunnel

-----------------------------

connection id: 3

encapsulation mode: tunnel

perfect forward secrecy:

tunnel:

local address: 1.1.1.1

remote address: 1.1.1.2

flow :

sour addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP

dest addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP

[inbound ESP SAs]

spi: 1974923076 (0x75b6ef44)

transform-set: ESP-ENCRYPT-DES ESP-AUTH-MD5

sa duration (kilobytes/sec): 1843200/3600

sa remaining duration (kilobytes/sec): 1843199/3503

max sequence-number received: 5

anti-replay check enable: Y

anti-replay window size: 32

udp encapsulation used for nat traversal: N

[outbound ESP SAs]

spi: 2364632148 (0x8cf16c54)

transform-set: ESP-ENCRYPT-DES ESP-AUTH-MD5

sa duration (kilobytes/sec): 1843200/3600

sa remaining duration (kilobytes/sec): 1843199/3503

max sequence-number sent: 6

udp encapsulation used for nat traversal: N

# On Firewall B, ping the IP address of the interface on Firewall A that connects to the branch.

[FirewallB] ping -a 192.168.1.1 172.17.17.1