display ipsec { ipv6-policy | policy }
Use display ipsec { ipv6-policy | policy } to display information about IPsec policies.
Syntax
display ipsec { ipv6-policy | policy } [ policy-name [ seq-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ipv6-policy: Displays information about IPv6 IPsec policies.
policy: Displays information about IPv4 IPsec policies.
policy-name: Specifies an IPsec policy by its name, a case-insensitive string of 1 to 63 characters.
seq-number: Specifies an IPsec policy entry by its sequence number in the range of 1 to 65535.
Usage guidelines
If you do not specify any parameters, this command displays information about all IPsec policies.
If you specify an IPsec policy name and a sequence number, this command displays information about the specified IPsec policy entry. If you specify an IPsec policy name without any sequence number, this command displays information about all IPsec policy entries with the specified name.
Examples
# Display information about all IPv4 IPsec policies.
```
<Sysname> display ipsec policy
-------------------------------------------
IPsec Policy: mypolicy
-------------------------------------------

  -----------------------------
  Sequence number: 1
  Mode: Manual
  -----------------------------
  The policy configuration is incomplete:
           ACL not specified
           Incomplete transform-set configuration
  Description: This is my first IPv4 manual policy
  Security data flow:
  Remote address: 2.5.2.1
  Transform set: transform

  Inbound AH setting:
    AH SPI: 1200 (0x000004b0)
    AH string-key: ******
    AH authentication hex key:

  Inbound ESP setting:
    ESP SPI: 1400 (0x00000578)
    ESP string-key:
    ESP encryption hex key:
    ESP authentication hex key:

  Outbound AH setting:
    AH SPI: 1300 (0x00000514)
    AH string-key: ******
    AH authentication hex key:

  Outbound ESP setting:
    ESP SPI: 1500 (0x000005dc)
    ESP string-key: ******
    ESP encryption hex key:
    ESP authentication hex key:

  -----------------------------
  Sequence number: 2
  Mode: ISAKMP
  -----------------------------
  The policy configuration is incomplete:
           Remote-address not set
           ACL not specified
           Transform-set not set
  Description: This is my first IPv4 Isakmp policy
  Traffic Flow Confidentiality: Enabled
  Security data flow:
  Selector mode: standard
  Local address:
  Remote address:
  Transform set:
  IKE profile:
  IKEv2 profile:
  SA duration(time based): 3600 seconds
  SA duration(traffic based): 1843200 kilobytes
  SA idle time:

-------------------------------------------
IPsec Policy: mycompletepolicy
Interface: LoopBack2
-------------------------------------------

  -----------------------------
  Sequence number: 1
  Mode: Manual
  -----------------------------
  Description: This is my complete policy
  Security data flow: 3100
  Remote address: 2.2.2.2
  Transform set: completetransform

  Inbound AH setting:
    AH SPI: 5000 (0x00001388)
    AH string-key: ******
    AH authentication hex key:

  Inbound ESP setting:
    ESP SPI: 7000 (0x00001b58)
    ESP string-key: ******
    ESP encryption hex key:
    ESP authentication hex key:

  Outbound AH setting:
    AH SPI: 6000 (0x00001770)
    AH string-key: ******
    AH authentication hex key:

  Outbound ESP setting:
    ESP SPI: 8000 (0x00001f40)
    ESP string-key: ******
    ESP encryption hex key:
    ESP authentication hex key:

  -----------------------------
  Sequence number: 2
  Mode: ISAKMP
  -----------------------------
  Description: This is my complete policy
  Traffic Flow Confidentiality: Enabled
  Security data flow: 3200
  Selector mode: standard
  Local address:
  Remote address: 5.3.6.9
  Transform set: completetransform
  IKE profile:
  IKEv2 profile:
  SA duration(time based): 3600 seconds
  SA duration(traffic based): 1843200 kilobytes
  SA idle time:
```
# Display information about all IPv6 IPsec policies.
```
<Sysname> display ipsec ipv6-policy
-------------------------------------------
IPsec Policy: mypolicy
-------------------------------------------

  -----------------------------
  Sequence number: 1
  Mode: Manual
  -----------------------------
  Description: This is my first IPv6 policy
  Security data flow: 3600
  Remote address: 1000::2
  Transform set: mytransform

  Inbound AH setting:
    AH SPI: 1235 (0x000004d3)
    AH string-key: ******
    AH authentication hex key:

  Inbound ESP setting:
    ESP SPI: 1236 (0x000004d4)
    ESP string-key: ******
    ESP encryption hex key:
    ESP authentication hex key:

  Outbound AH setting:
    AH SPI: 1237 (0x000004d5)
    AH string-key: ******
    AH authentication hex key:

  Outbound ESP setting:
    ESP SPI: 1238 (0x000004d6)
    ESP string-key: ******
    ESP encryption hex key:
    ESP authentication hex key:
```
Table 38: Command output
Field | Description |
---|---|
IPsec Policy | IPsec policy name. |
Interface | Interface to which the IPsec policy is applied. |
Sequence number | Sequence number of the IPsec policy entry. |
Mode | Negotiation mode of the IPsec policy: |
The policy configuration is incomplete | IPsec policy configuration incomplete. Possible causes include: |
Description | Description of the IPsec policy. |
Traffic Flow Confidentiality | Whether Traffic Flow Confidentiality (TFC) padding is enabled. |
Security data flow | ACL used by the IPsec policy. |
Selector mode | Data flow protection mode of the IPsec policy: standard, aggregation, or per-host. |
Local address | Local end IP address of the IPsec tunnel (available only for the IKE-based IPsec policy). |
Remote address | Remote end IP address or host name of the IPsec tunnel. |
Transform set | Transform set used by the IPsec policy. |
IKE profile | IKE profile used by the IPsec policy. |
IKEv2 profile | IKEv2 profile used by the IPsec policy. |
SA duration(time based) | Time-based IPsec SA lifetime, in seconds. |
SA duration(traffic based) | Traffic-based IPsec SA lifetime, in kilobytes. |
SA idle time | Idle timeout of the IPsec SA, in seconds. |
AH string-key | AH string key. This field displays ****** if the key is configured and it is empty if the key is not configured. |
AH authentication hex key | AH authentication hexadecimal key. This field displays ****** if the key is configured and it is empty if the key is not configured. |
ESP string-key | ESP string key. This field displays ****** if the key is configured and it is empty if the key is not configured. |
ESP encryption hex key | ESP encryption hexadecimal key. This field displays ****** if the key is configured and it is empty if the key is not configured. |
ESP authentication hex key | ESP authentication hexadecimal key. This field displays ****** if the key is configured and it is empty if the key is not configured. |
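The fields above lend themselves to an automated configuration review. The following Python sketch is an added example, not part of the original command reference: it parses captured `display ipsec policy` output and reports entries that are incomplete, use Manual mode, or belong to a policy with no Interface field. The function names are hypothetical, the sample is constructed, and the parser assumes the device prints one field per line and that a missing Interface line means the policy is not applied.

```python
# Constructed sample, abridged from the example output on this page.
SAMPLE = """\
-------------------------------------------
IPsec Policy: mypolicy
-------------------------------------------
  -----------------------------
  Sequence number: 1
  Mode: Manual
  -----------------------------
  The policy configuration is incomplete:
           ACL not specified
           Incomplete transform-set configuration
-------------------------------------------
IPsec Policy: mycompletepolicy
Interface: LoopBack2
-------------------------------------------
  Sequence number: 2
  Mode: ISAKMP
"""

def parse_entries(text):  # one dict per (policy, sequence number) entry
    entries, cur, policy = [], None, {"name": "?", "interface": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:  # skip blank lines and rulers
            continue
        key, sep, val = (p.strip() for p in line.partition(":"))
        if key == "IPsec Policy":
            policy, cur = {"name": val, "interface": None}, None
        elif key == "Interface":
            policy["interface"] = val
        elif key == "Sequence number":
            cur = {"policy": policy, "seq": int(val), "mode": None, "causes": []}
            entries.append(cur)
        elif cur is not None and key == "Mode":
            cur["mode"] = val
        elif cur is not None and not sep:  # assumption: colon-less line = cause
            cur["causes"].append(line)
    return entries

def audit(text):  # (policy, seq, finding) tuples for a reviewer
    findings = []
    for e in parse_entries(text):
        notes = ["incomplete: " + c for c in e["causes"]]
        if e["mode"] == "Manual":
            notes.append("manual mode: statically configured keys")
        if e["policy"]["interface"] is None:
            notes.append("policy not applied to an interface")
        findings += [(e["policy"]["name"], e["seq"], n) for n in notes]
    return findings
```

Because key fields are masked as ****** in the output, such a capture can be stored with review records without exposing key material.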
Related commands
ipsec { ipv6-policy | policy }