H3C Technologies H3C SecPath F1000-E User Manual
Page 218
206
1 1.1.1.2 RD 1 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO—TIMEOUT
You can also view the IPsec SA information.
[SecPathB] display ipsec sa
===============================
Interface: Tunnel1
path MTU: 1443
===============================
-----------------------------
IPsec policy name: "btoa"
sequence number: 1
mode: tunnel
-----------------------------
connection id: 3
encapsulation mode: tunnel
perfect forward secrecy:
tunnel:
local address: 1.1.1.1
remote address: 1.1.1.2
flow :
sour addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP
dest addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP
[inbound ESP SAs]
spi: 1974923076 (0x75b6ef44)
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843199/3503
max received sequence-number: 5
anti-replay check enable: Y
anti-replay window size: 32
udp encapsulation used for nat traversal: N
[outbound ESP SAs]
spi: 2364632148 (0x8cf16c54)
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843199/3503
max sent sequence-number: 6
udp encapsulation used for nat traversal: N
On SecPath B, ping the IP address of the interface on SecPath A that connects to the branch.
[SecPathB] ping -a 192.168.1.1 172.17.17.1
PING 172.17.17.1: 56 data bytes, press CTRL_C to break
Reply from 172.17.17.1: bytes=56 Sequence=1 ttl=255 time=15 ms
Reply from 172.17.17.1: bytes=56 Sequence=2 ttl=255 time=10 ms
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS