Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsRoutersHP 5000 Router Series
2081208220832084208520862087208820892090
3Com Router 5000 Family and Router 6000 Family display ike sa 87
Command Reference
View the security tunnels established by IKE.
[3Com] display ike sa
connection-id peer flag phase doi
----------------------------------------------------------
3 1.1.1.10 RD|ST 2 IPSEC
2 1.1.1.10 RD|ST 1 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
View the security tunnels established by IKE.
[3Com] display ike sa
total phase-1 SAs: 2
connection-id peer flag phase doi
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO-TIMEOUT
The descriptions of the items displayed are listed in the following table:.
remaining key duration(sec) Remaining lifetime of the SA
exchange-mode IKE negotiation mode, master mode or
aggressive mode
diffie-hellman group Diffie-Hellman group used by the IKE proposal
nat traversal Supports NAT traversal
Tabl e 2 Description on the fields of the display ike sa command
Field Description
total phase-1 SAs Total number of SAs in the first phase of IKE negotiation
connection-id Security tunnel ID
peer Remote IP address of this SA
flag Display the status of this SA
RD (READY) means this SA has been established successfully
ST (STAYALIVE) means that SA duration is negotiated, and this SA will be
refreshed in fixed interval.
RL (REPLACED) means that this SA has been replaced by a new one, and
will be automatically deleted after a period of time.
FD (FADING) means this SA has been soft timeout, but is still in use, and
will be deleted at the time of hard timeout.
TO (TIMEOUT) means this SA have not received any keepalive packet after
previous keepalive timeout occurred. If this SA receives no keepalive
packet till next keepalive timeout occurs, this SA will be deleted.
phase Phase of the SA:
Phase 1: a phase of establishing security tunnel to communicate, ISAKMP
SA will be established in the phase;
Phase 2: a phase of negotiating security service, IPSec SA will be
established in the phase.
doi Domain of Interpretation
Table 1 Description on the fields of the display ike sa verbose command (continued)
Field Description