display ipsec policy
Syntax
display ipsec policy [ brief | name policy-name [ seq-number ] ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
brief: Displays brief information about all IPsec policies.
name: Displays detailed information about a specified IPsec policy or IPsec policy group.
policy-name: Name of the IPsec policy, a string of 1 to 15 characters.
seq-number: Sequence number of the IPsec policy, in the range 1 to 65535.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display ipsec policy command to display information about IPsec policies.
If you do not specify any parameters, the command displays detailed information about all IPsec policies.
If you specify the name policy-name option but omit the seq-number argument, the command displays detailed information about the specified IPsec policy group.
Related commands: ipsec policy (system view).
Examples
# Display brief information about all IPsec policies.
<Sysname> display ipsec policy brief
IPsec-Policy-Name     Mode    acl    ike-peer name    Mapped Template
------------------------------------------------------------------------
aaa-100               manual
policy1-1             isakmp

IPsec-Policy-Name     Mode    acl    Local-Address    Remote-Address
------------------------------------------------------------------------
aaa-100               manual
Table 52: Output description
Field | Description |
---|---|
IPsec-Policy-Name | Name and sequence number of the IPsec policy, separated by a hyphen |
Mode | Negotiation mode of the IPsec policy: |
acl | Access control list (ACL) referenced by the IPsec policy |
ike-peer name | IKE peer name |
Local-Address | IP address of the local end |
Remote-Address | IP address of the remote end |
# Display detailed information about all IPsec policies.
<Sysname> display ipsec policy

===========================================
IPsec Policy Group: "aaa"
Interface:
===========================================

  -----------------------------
  IPsec policy name: "aaa"
  sequence number: 100
  mode: manual
  -----------------------------
    security data flow :
    tunnel local address:
    tunnel remote address:
    proposal name:
    inbound AH setting:
      AH spi:
      AH string-key:
      AH authentication hex key:
    inbound ESP setting:
      ESP spi:
      ESP string-key:
      ESP encryption hex key:
      ESP authentication hex key:
    outbound AH setting:
      AH spi:
      AH string-key:
      AH authentication hex key:
    outbound ESP setting:
      ESP spi:
      ESP string-key:
      ESP encryption hex key:
      ESP authentication hex key:

===========================================
IPsec Policy Group: "policy1"
Interface:
===========================================

  -----------------------------
  IPsec policy name: "policy1"
  sequence number: 1
  mode: isakmp
  -----------------------------
    security data flow :
    selector mode: standard
    tunnel remote address:
    perfect forward secrecy:
    proposal name:
    IPsec sa local duration(time based): 3600 seconds
    IPsec sa local duration(traffic based): 1843200 kilobytes
    policy enable: True
Table 53: Output description
Field | Description |
---|---|
security data flow | ACL referenced by the IPsec policy. |
Interface | Interface to which the IPsec policy is applied. |
sequence number | Sequence number of the IPsec policy. |
mode | Negotiation mode of the IPsec policy, which can be: |
selector mode | Data flow protection mode of the IPsec policy. |
ike-peer name | IKE peer referenced by the IPsec policy. |
tunnel local address | Local IP address of the tunnel. |
tunnel remote address | Remote IP address of the tunnel. |
perfect forward secrecy | Whether PFS is enabled. |
proposal name | Proposal referenced by the IPsec policy. |
policy enable | Whether the IPsec policy is enabled or not. |
inbound/outbound AH/ESP setting | AH/ESP settings in the inbound/outbound direction, including the SPI and keys. |
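
For configuration review, the detailed output can be parsed into one record per policy and checked field by field. The following is an added example, not part of the original command reference; the function names, the one-field-per-line layout, and the reading of a blank "perfect forward secrecy" value as "not configured" are assumptions, and the sample text is constructed from the output shown above.

```python
import re

# Constructed sample modelled on the detailed output above (assumed layout).
SAMPLE = '''\
IPsec Policy Group: "aaa"
Interface:
  IPsec policy name: "aaa"
  sequence number: 100
  mode: manual
===========================================
IPsec Policy Group: "policy1"
Interface:
  IPsec policy name: "policy1"
  sequence number: 1
  mode: isakmp
    perfect forward secrecy:
    IPsec sa local duration(time based): 3600 seconds
    policy enable: True
'''
FIELD = re.compile(r'^\s*([^:]+?)\s*:\s*(.*?)\s*$')

def parse_policies(text):
    """Return one dict per policy entry, carrying its group-level fields."""
    policies, group, current = [], {}, None
    # Separator rows and blank lines have no colon and are skipped by filter().
    for m in filter(None, map(FIELD.match, text.splitlines())):
        key, value = m.group(1), m.group(2).strip('"')
        if key == 'IPsec Policy Group':
            group, current = {'group': value}, None
        elif key == 'IPsec policy name':
            current = dict(group, name=value)
            policies.append(current)
        elif current is None:
            group[key] = value            # group-level field, e.g. "Interface"
        else:
            current[key] = value
    return policies

def review(policies):
    """Return (name-seq, note) pairs for settings worth a second look."""
    notes = []
    for p in policies:
        ident = f"{p['name']}-{p.get('sequence number', '?')}"
        if p.get('mode') == 'manual':
            notes.append((ident, 'manual mode: SPIs and keys are set by hand'))
        elif not p.get('perfect forward secrecy'):
            notes.append((ident, 'no PFS value shown'))  # assumed: blank = off
        if p.get('policy enable', 'True') != 'True':
            notes.append((ident, 'policy is disabled'))
    return notes
```

The identifiers returned by review() use the same name-sequence form as the IPsec-Policy-Name column of the brief output.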