H3C Technologies H3C SecPath F1000-E User Manual
Page 233
221
-----------------------------------------------------------------------
20004 192.168.0.2 RD 1 IPSEC ACTIVE
20005 192.168.0.2 RD 2 IPSEC ACTIVE
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
# On SecPath A, display the IPsec SAs synchronized from SecPath B.
===============================
Interface: GE0/2
path MTU: 1500
===============================
-----------------------------
IPsec policy name: "map1"
sequence number: 10
mode: isakmp
-----------------------------
connection id: 20000
encapsulation mode: tunnel
perfect forward secrecy:
tunnel:
local address: 192.168.0.1
remote address: 192.168.0.2
flow:
sour addr: 10.1.1.0/0.0.0.255 port: 0 protocol: IP
dest addr: 10.2.2.0/0.0.0.255 port: 0 protocol: IP
[inbound ESP SAs]
spi: 1078770651 (0x404cbbdb)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843200/3412
max received sequence-number: 1
anti-replay check enable: Y
anti-replay window size: 32
udp encapsulation used for nat traversal: N
status: standby
[outbound ESP SAs]
spi: 468087311 (0x1be6720f)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843200/3412
max received sequence-number: 1
udp encapsulation used for nat traversal: N
status: standby
# On SecPath A, display the summary information of the IKE SA synchronized from SecPath B.
total phase-1 SAs: 1
connection-id peer flag phase doi status
-----------------------------------------------------------------------
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS