3com MSR 20-20 참조 매뉴얼

display ipsec session [ tunnel-id integer ]

Any view

integer: ID of the IPSec tunnel, in the range 1 to 2000000000.

Use the display ipsec session command to display information about a 
specified or all IPSec sessions.

IPSec can find matched tunnels directly by session, reducing the intermediate 
matching procedures and therefore improving the forwarding efficiency. A session 
is identified by the quintuplet of protocol, source IP address, source port, 
destination IP address, and destination port.

reset ipsec session.

# Display information about all IPSec sessions.

<Sysname> display ipsec session

------------------------------------------------------------

total sessions : 2

------------------------------------------------------------

tunnel-id : 3

session idle time/total duration (sec) : 36/300

session flow :

(8 times matched)

Sour Addr : 15.15.15.1

Sour Port:

0

Protocol : 1

Dest Addr : 15.15.15.2

Dest Port:

0

Protocol : 1

------------------------------------------------------------

tunnel-id : 4

session idle time/total duration (sec) : 7/300

session flow :

(3 times matched)

Sour Addr : 12.12.12.1

Sour Port:

0

Protocol : 1

Dest Addr : 13.13.13.1

Dest Port:

0

Protocol : 1 

# Display information about the session with an IPSec tunnel ID of 5.

sa remaining key 
duration 

Remaining lifetime of the SA 

max received 
sequence-number 

Maximum sequence number of the received packets (relevant to the 
anti-replay function provided by the security protocol) 

udp encapsulation used 
for nat traversal 

Whether NAT traversal is enabled for the SA 

outbound 

Information of the outbound SA 

max sent 
sequence-number 

Maximum sequence number of the sent packets (relevant to the 
anti-replay function provided by the security protocol)

Table 565   Description on the fields of the display ipsec sa command