beautypg.com

Show isakmp policy – Allied Telesis RAPIER I User Manual

Page 184

background image

184

Enhancements to IPsec/VPN

Release Note

Software Version 2.8.1
C613-10477-00 REV B

show isakmp policy

Syntax

SHow ISAkmp POLicy[=name]

Figure 61: Modified example output from the show isakmp policy command for a
specific policy.

.

.

.

Message Time Out ...................... 20

Message Back-off ...................... Incremental

Exchange Delete Delay ................. 30

Source Interface ...................... -

VPN Client Policy File Name ........... -

Local ID .............................. -

Remote ID ............................. IPv4:192.68.1.2

DebugFlag ............................. 00000000

Retry IKE Attempts .................... 0

Current IKE Retries ................... 0

Required IKE Retry Phase .............. No Phases

SA Specification

Encryption Algorithm .................. DES - 56 bit

Hash Algorithm ........................ SHA

Group Description ..................... 1

DH Private Exponent Bits .............. 767

Heartbeat Mode ........................ NONE

Group Type ............................ MODP

Expiry Seconds ........................ 86400

Expiry Kilobytes ...................... 1000

NAT Traversal ......................... TRUE

Table 52: Modified parameters in output of the show isakmp policy command for specific
policy

Parameter

Meaning

Message Back-off

The back-off pattern used when ISAKMP messages are
retransmitted. Either the back-off time between message
retransmissions gets larger (Incremental), or remains the
same (None).

Retry IKE Attempts

The number of consecutive times that IKE attempts to
complete an exchange if exchange failures are occurring,
either a number from 0 to 16, or “continuous”. The value
is set using the retryikeattempts parameter in the set
iskamp policy command.

Current IKE Retries

The number of times that IKE has attempted to complete an
exchange and has been unsuccessful. This counter is for
consecutive attempts and is reset once an exchange is
successful. If the exchange is never successfully completed,
the number reached remains on this counter.

Required IKE Retry Phases

The phase or phases of IKE negotiation that have failed, and
need to be repeated, one of “No Phases”, “Phase 1”,
“Phase 2”, or “Phases 1 & 2”. “No Phases” indicates that
there are no outstanding IKE negotiations.

This manual is related to the following products:
See also other documents in the category Allied Telesis Computer Accessories: