display ipsec tunnel
Syntax
display ipsec tunnel [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display ipsec tunnel command to display information about IPsec tunnels.
Examples
# Display information about IPsec tunnels.
    <Sysname> display ipsec tunnel
        total tunnel : 2
        ------------------------------------------------
        connection id: 3
        perfect forward secrecy:
        SA's SPI:
            inbound: 187199087 (0xb286e6f) [ESP]
            outbound: 3562274487 (0xd453feb7) [ESP]
        tunnel:
            local address: 44.44.44.44
            remote address : 44.44.44.55
        flow:
            sour addr : 44.44.44.0/255.255.255.0 port: 0 protocol : IP
            dest addr : 44.44.44.0/255.255.255.0 port: 0 protocol : IP
        current Encrypt-card: None
        ------------------------------------------------
        connection id: 5
        perfect forward secrecy:
        SA's SPI:
            inbound: 12345 (0x3039) [ESP]
            outbound: 12345 (0x3039) [ESP]
        tunnel:
        flow:
        current Encrypt-card:
Table 59: Output description
Field | Description |
---|---|
connection id | Connection ID, used to uniquely identify an IPsec tunnel |
perfect forward secrecy | Perfect forward secrecy, indicating which DH group is to be used for fast negotiation mode in IKE phase 2 |
SA's SPI | SPIs of the inbound and outbound SAs |
tunnel | Local and remote addresses of the tunnel |
flow | Data flow protected by the IPsec tunnel, including source IP address, destination IP address, source port, destination port and protocol |
as defined in acl 3001 | The IPsec tunnel protects all data flows defined by ACL 3001 |
current Encrypt-card | Encryption card interface used by the current tunnel |
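When this output is collected from several gateways, the fields in Table 59 can be checked by script rather than by eye. The following Python is an added example, not part of the original reference or of any vendor tooling: the function names are hypothetical, the sample is abridged from the output above, and treating an empty `perfect forward secrecy` field as "no DH group reported" is an assumption.

```python
import re

# Constructed sample: abridged from the example output above (flow and Encrypt-card lines omitted).
SAMPLE = """<Sysname> display ipsec tunnel
total tunnel : 2
------------------------------------------------
connection id: 3
perfect forward secrecy:
SA's SPI:
    inbound: 187199087 (0xb286e6f) [ESP]
    outbound: 3562274487 (0xd453feb7) [ESP]
tunnel:
    local address: 44.44.44.44
    remote address : 44.44.44.55
------------------------------------------------
connection id: 5
perfect forward secrecy:
SA's SPI:
    inbound: 12345 (0x3039) [ESP]
    outbound: 12345 (0x3039) [ESP]
tunnel:
"""

def _field(block, pattern, cast=str):
    # First capture group, or None when the field is absent or empty.
    m = re.search(pattern, block)
    return cast(m.group(1)) if m and m.group(1) else None

def parse_tunnels(text):
    """Split on the dashed separators; one dict per 'connection id' block."""
    blocks = [b for b in re.split(r"-{10,}", text) if "connection id" in b]
    return [{
        "id": _field(b, r"connection id:\s*(\d+)", int),
        # Assumption: an empty value means no DH group is reported for this tunnel.
        "pfs": _field(b, r"perfect forward secrecy:\s*(.*?)\s*SA's SPI"),
        "spi_in": _field(b, r"inbound:\s*(\d+)", int),
        "spi_out": _field(b, r"outbound:\s*(\d+)", int),
        "local": _field(b, r"local address\s*:\s*([\d.]+)"),
        "remote": _field(b, r"remote address\s*:\s*([\d.]+)"),
    } for b in blocks]

def audit(tunnels):
    """Return {finding: [connection ids]} for tunnels that need a manual look."""
    return {
        "no_pfs_group": [t["id"] for t in tunnels if t["pfs"] is None],
        "no_endpoints": [t["id"] for t in tunnels if not (t["local"] and t["remote"])],
    }

if __name__ == "__main__":
    print(audit(parse_tunnels(SAMPLE)))
```

The parser matches on field labels rather than line positions, so it also accepts output that has been captured with its line breaks collapsed.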