3Com MSR 50 Network Router User Manual


2158 CHAPTER 141: IKE CONFIGURATION COMMANDS
Example
# Display brief information about the current IKE SAs.
<Sysname> display ike sa
    total phase-1 SAs:  1
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
      1            202.38.0.2      RD|ST       1       IPSEC
      2            202.38.0.2      RD|ST       2       IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD-FADING TO--TIMEOUT
# Display detailed information about the current IKE SAs.
<Sysname> display ike sa verbose
---------------------------------------------
connection id: 2
transmitting entity: initiator
---------------------------------------------
local ip: 4.4.4.4
local id type: IPV4_ADDR
local id: 4.4.4.4
remote ip: 4.4.4.5
remote id type: IPV4_ADDR
remote id: 4.4.4.5
authentication-method: PRE-SHARED-KEY
authentication-algorithm: HASH-SHA1
encryption-algorithm: DES-CBC
life duration(sec): 86400
remaining key duration(sec): 86379
exchange-mode: MAIN
Table 572 Description on the fields of the display ike sa command

Field               Description
total phase-1 SAs   Total number of SAs in phase 1
connection-id       Identifier of the IPSec tunnel
peer                Remote IP address of the SA
flag                Status of the SA:
                    RD (READY): The SA has been established.
                    ST (STAYALIVE): This end is the initiator of the tunnel negotiation.
                    RL (REPLACED): The tunnel has been replaced by a new one and will be deleted later.
                    FD (FADING): The tunnel is soft timed out but still in use. It will be deleted when it is hard timed out.
                    TO (TIMEOUT): The SA has received no keepalive packets after the last keepalive timeout. If no keepalive packets are received before the next keepalive timeout, the SA will be deleted.
phase               The phase the SA belongs to:
                    Phase 1: The phase for establishing the ISAKMP SA.
                    Phase 2: The phase for negotiating the security service. IPSec SAs are established in this phase.
doi                 Domain of interpretation the SA belongs to
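
Added example (not part of the 3Com manual): a Python parser for the brief display ike sa output that decodes the flag and phase fields described in Table 572 and reports SAs that are aging out, plus peers whose phase-1 SA is READY with no READY phase-2 SA. The function names, the choice of RL/FD/TO as the states to surface, and sample rows 3 and 4 are assumptions made for this illustration.

```python
import re

# Flag codes and meanings as listed in the field table above.
FLAGS = {"RD": "READY", "ST": "STAYALIVE", "RL": "REPLACED",
         "FD": "FADING", "TO": "TIMEOUT"}
AGING = {"RL", "FD", "TO"}  # assumption: the states an operator wants surfaced

# One data row: connection-id, peer IPv4, flags joined by "|", phase, doi.
ROW = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+([A-Z|]+)\s+([12])\s+(\S+)\s*$")

def parse_ike_sa(text):
    """Parse `display ike sa` brief output into a list of dicts."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator and legend lines
        conn, peer, flags, phase, doi = m.groups()
        codes = flags.split("|")
        unknown = [c for c in codes if c not in FLAGS]
        if unknown:
            raise ValueError(f"unknown flag {unknown} in {line!r}")
        sas.append({"id": int(conn), "peer": peer, "flags": codes,
                    "phase": int(phase), "doi": doi})
    return sas

def aging_sas(sas):
    """Connection ids of SAs marked REPLACED, FADING or TIMEOUT."""
    return [sa["id"] for sa in sas if AGING & set(sa["flags"])]

def peers_without_phase2(sas):
    """Peers with a READY phase-1 (ISAKMP) SA but no READY phase-2 SA."""
    ready = {(sa["peer"], sa["phase"]) for sa in sas if "RD" in sa["flags"]}
    return sorted(p for p, ph in ready if ph == 1 and (p, 2) not in ready)

# Rows 1-2 are from the page; the header count and rows 3-4 are constructed.
SAMPLE = """\
total phase-1 SAs: 2
connection-id peer flag phase doi
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
3 198.51.100.7 RD|TO 1 IPSEC
4 198.51.100.7 FD 2 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD-FADING TO--TIMEOUT
"""

if __name__ == "__main__":
    sas = parse_ike_sa(SAMPLE)
    print("aging:", aging_sas(sas), "no phase 2:", peers_without_phase2(sas))
```

A row carrying a flag code outside the five in the table raises ValueError instead of being skipped, so a changed output format is noticed.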