Filter
Top Products
2127
display ipsec session
Syntax display ipsec session [ tunnel-id integer ]
View Any view
Parameter integer: ID of the IPSec tunnel, in the range 1 to 2000000000.
Description Use the
display ipsec session command to display information about a
specified or all IPSec sessions.
IPSec can find matched tunnels directly by session, reducing the intermediate
matching procedures and therefore improving the forwarding efficiency. A session
is identified by the quintuplet of protocol, source IP address, source port,
destination IP address, and destination port.
Related command: reset ipsec session.
Example # Display information about all IPSec sessions.
<Sysname> display ipsec session
------------------------------------------------------------
total sessions : 2
------------------------------------------------------------
tunnel-id : 3
session idle time/total duration (sec) : 36/300
session flow : (8 times matched)
Sour Addr : 15.15.15.1 Sour Port: 0 Protocol : 1
Dest Addr : 15.15.15.2 Dest Port: 0 Protocol : 1
------------------------------------------------------------
tunnel-id : 4
session idle time/total duration (sec) : 7/300
session flow : (3 times matched)
Sour Addr : 12.12.12.1 Sour Port: 0 Protocol : 1
Dest Addr : 13.13.13.1 Dest Port: 0 Protocol : 1
# Display information about the session with an IPSec tunnel ID of 5.
sa remaining key
duration
Remaining lifetime of the SA
max received
sequence-number
Maximum sequence number of the received packets (relevant to the
anti-replay function provided by the security protocol)
udp encapsulation used
for nat traversal
Whether NAT traversal is enabled for the SA
outbound Information of the outbound SA
max sent
sequence-number
Maximum sequence number of the sent packets (relevant to the
anti-replay function provided by the security protocol)
Table 565 Description on the fields of the display ipsec sa command
Field Description