display ipsec tunnel

Syntax

display ipsec tunnel [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display ipsec tunnel command to display information about IPsec tunnels.

Examples

# Display information about IPsec tunnels.

<Sysname> display ipsec tunnel
    total tunnel : 2
    ------------------------------------------------
    connection id: 3
    perfect forward secrecy:
    SA's SPI:
        inbound:  187199087 (0xb286e6f) [ESP]
        outbound: 3562274487 (0xd453feb7) [ESP]
    tunnel:
        local  address:  44.44.44.44
        remote address : 44.44.44.55
    flow:
        sour addr : 44.44.44.0/255.255.255.0  port: 0  protocol : IP
        dest addr : 44.44.44.0/255.255.255.0  port: 0  protocol : IP
    current Encrypt-card: None

------------------------------------------------
    connection id: 5
    perfect forward secrecy:
    SA's SPI:
        inbound:  12345 (0x3039) [ESP]
        outbound: 12345 (0x3039) [ESP]
    tunnel:
    flow:
    current Encrypt-card:

Table 59: Output description

Field

Description

connection id

Connection ID, used to uniquely identify an IPsec Tunnel

perfect forward secrecy

Perfect forward secrecy, indicating which DH group is to be used for fast negotiation mode in IKE phase 2

SA's SPI

SPIs of the inbound and outbound SAs

tunnel

Local and remote addresses of the tunnel

flow

Data flow protected by the IPsec tunnel, including source IP address, destination IP address, source port, destination port and protocol

as defined in acl 3001

The IPsec tunnel protects all data flows defined by ACL 3001

current Encrypt-card

Encryption card interface used by the current tunnel