display ipsec transform-set
Use display ipsec transform-set to display information about IPsec transform sets.
Syntax
display ipsec transform-set [ transform-set-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
transform-set-name: Specifies an IPsec transform set by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify an IPsec transform set, this command displays information about all IPsec transform sets.
Examples
# Display information about all IPsec transform sets.
<Sysname> display ipsec transform-set IPsec transform set: mytransform State: incomplete Encapsulation mode: tunnel ESN: Enabled PFS: Transform: ESP IPsec transform set: completeTransform State: complete Encapsulation mode: transport ESN: Enabled PFS: Transform: AH-ESP AH protocol: Integrity: SHA1 ESP protocol: Integrity: SHA1 Encryption: AES-CBC-128
Table 44: Command output
Field | Description |
---|---|
IPsec transform set | Name of the IPsec transform set. |
State | Whether the IPsec transform set is complete. |
Encapsulation mode | Encapsulation mode used by the IPsec transform set: transport or tunnel. |
ESN | Whether Extended Sequence Number (ESN) is enabled. |
PFS | Perfect Forward Secrecy (PFS) used by the IPsec policy for negotiation:
|
Transform | Security protocols used by the IPsec transform set: AH, ESP, or both. If both protocols are configured, IPsec uses ESP before AH. |
AH protocol | AH settings. |
ESP protocol | ESP settings. |
Integrity | Authentication algorithm used by the security protocol. |
Encryption | Encryption algorithm used by the security protocol. |
Related commands
ipsec transform-set