Display ipsec sa policy – Panasonic 8000 User Manual
Page 102
Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".
Nortel Secure Router 8000 Series
Troubleshooting - VAS__________
2 IPSec and IKE troubleshooting
You can use the ipsec sa global-duration time-based command to modify the global SA
duration.
IPsec sa local durat^ion(t^raffic based): 1843200 ki^lobytes
The display indicates the traffic-based SA duration.
You can use the sa duration traffic-based command to modify the configuration.
If no SA duration is configured in the policies, use the configured global traffic-based SA
duration. You can use the ipsec sa global-duration traffic-based command to modify the
global SA duration.
display ipsec sa policy
Interface: Ethernet0/2/0
path MTU : 1500
IPsec policy name: "map1"
sequence number: 10
mode: manual
encapsulation mode: tunnel
tunnel local : 202.38 .163.1 tunnel remote: 202.38.162.1
[inbound ESP SAs]
sp^: 54321 (0xd431)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration lim^t for this sa
[outbound ESP SAs]
sp^: 12345 (0x3039)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration lim^t for this sa
IPsec policy name: "map1"
sequence number: 10
The display indicates that the SA uses the matching policy with the name map1 and sequence
number 10.
mode: manual
The display indicates that the SA uses the matching policy manually configured.
encapsulation mode: tunnel
The display indicates that the SA uses the tunnel encapsulation mode.
tunnel local : 202.38 .163.1 tunnel remote: 202.38.162.1
The display indicates that the start and end port protected by SA are 202.38.163.1 and
202.38.162.1 respectively.
[inbound ESP SAs]
sp^: 54321 (0xd431)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration lim^t for this sa
Issue 01.01 (30 March 2009)
Nortel Networks Inc.
2-55