Ruijie Community

Title: show crypto ipsec sa command [Print this page]

Author: admin Time: 2017-5-4 19:59
Title: show crypto ipsec sa command
show crypto ipsec sa command

Author: admin Time: 2017-5-4 20:00

ruijie#show crypto ipsec sa

Interface: Async 1//Local encrypted interface

Crypto map tag:3gtest, local addr 30.160.230.11 //LocalIP address used for negotiation with the peer end

media mtu 1500

==================================

item type:static, seqno:1, id=32

local ident(addr/mask/prot/port): (192.168.1.0/0.0.0.255/0/0)) //Source network segment for IPsec interesting traffic

remote ident(addr/mask/prot/port): (192.168.2.0/0.0.0.255/0/0)) //Destination network segment for IPsec interesting traffic

PERMIT

#pkts encaps: 336, #pkts encrypt: 336, #pkts digest 0 //Number of encapsulated packets, encrypted packets, and digest packets sent by the specified port

#pkts decaps: 58, #pkts decrypt: 58, #pkts verify0 //Number of decapsulated packets, decrypted packets, and verification packets received by the specified port

#send errors 0, #recv errors 0 //Number of incorrect packets that are sent and received

Inbound esp sas:

spi:0x39aea73c (967747388) //Incoming SPI number of the security association (SA)

transform: esp-sm1 //Transform-setin use

in use settings={Tunnel,} //Tunnel mode

crypto map 3gtest 1//Map name invoked

sa timing: remaining key lifetime (k/sec) : (4606685/3364) //Lifetime of the SA: remaining traffic and time

IV size: 16 bytes

Replay detection support:N

Outbound esp sas:

spi:0x437d9610 (1132303888) //Outgoing SPI number of the SA

transform: esp-sm1 //Transform-set in use

in use settings={Tunnel,} //Tunnel mode

crypto map 3gtest 1

sa timing: remaining key lifetime (k/sec) : (4606685/3364) //Lifetime of the SA: remaining traffic and time

IV size: 16 bytes

Replay detection support:N

Welcome to Ruijie Community (https://community.ruijienetworks.com/)