Command Reference Guide
96 ● display ipsec sa 3Com Router 5000 Family and Router 6000 Family
Command Reference
display ipsec sa
Purpose Use the display ipsec sa command to view the relevant information about the
SA.
Syntax display ipsec sa [ brief | remote ip-address | policy policy-name [
seq-number ] | duration ]
Parameters brief
Displays brief information about all the SAs.
remote
Displays information about the SA with remote
address as ip-address.
ip-address
Specifies the remote address in dotted decimal format.
policy
Displays information about the SA created by the ipsec
policy whose name is policy-name.
policy-name
Specifies the name of the ipsec policy.
seq-number
Specifies the sequence number of the ipsec policy.
duration
Global sa duration to be shown.
Example View brief information about all the SAs.
<3Com> display ipsec sa brief
total phase-2 SAs: 2
Src Address Dst Address SPI Protocol Algorithm
10.1.1.1 10.1.1.2 300 ESP E:DES; A:HMAC-MD5-96
10.1.1.2 10.1.1.1 400 ESP E:DES; A:HMAC-MD5-96
View the global duration of SA.
[3Com] display ipsec sa duration
ipsec sa global duration (traffic based): 1843200 kilobytes
ipsec sa global duration (time based): 3600 seconds
View information of all the SAs.
[3Com] display ipsec sa
===============================
Table 1 Brief information of IPSec SA
Item Description
total phase-2 SAs Total number of SAs in the second phase of IPSec negotiation
Src Address Local IP address
Dst Address Remote Ip address
SPI security parameter index
Protocol security protocol used by IPSec
Algorithm The authentication algorithm and encryption algorithm used by the
security protocol. A display beginning with "E" in the algorithm
stands for the encryption algorithm, and a display beginning with
"A" stands for the authentication algorithm.