Router User Manual
Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-55
You can use the ipsec sa global-duration time-based command to modify the global SA
duration.
IPsec sa local duration(traffic based): 1843200 kilobytes
The display indicates the traffic-based SA duration.
You can use the sa duration traffic-based command to modify the configuration.
If no SA duration is configured in the policies, use the configured global traffic-based SA
duration. You can use the ipsec sa global-duration traffic-based command to modify the
global SA duration.
display ipsec sa policy
<RouterA> display ipsec sa policy map1
===============================
Interface: Ethernet0/2/0
path MTU: 1500
===============================
-----------------------------
IPsec policy name: "map1"
sequence number: 10
mode: manual
-----------------------------
encapsulation mode: tunnel
tunnel local : 202.38.163.1 tunnel remote: 202.38.162.1
[inbound ESP SAs]
spi: 54321 (0xd431)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration limit for this sa
[outbound ESP SAs]
spi: 12345 (0x3039)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration limit for this sa
IPsec policy name: "map1"
sequence number: 10
The display indicates that the SA uses the matching policy with the name map1 and sequence
number 10.
mode: manual
The display indicates that the SA uses the matching policy manually configured.
encapsulation mode: tunnel
The display indicates that the SA uses the tunnel encapsulation mode.
tunnel local : 202.38.163.1 tunnel remote: 202.38.162.1
The display indicates that the start and end port protected by SA are 202.38.163.1 and
202.38.162.1 respectively.
[inbound ESP SAs]
spi: 54321 (0xd431)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration limit for this sa