3com MSR 20-20 참조 매뉴얼
2127
display ipsec session
Syntax
display ipsec session [ tunnel-id integer ]
View
Any view
Parameter
integer: ID of the IPSec tunnel, in the range 1 to 2000000000.
Description
Use the display ipsec session command to display information about a
specified or all IPSec sessions.
specified or all IPSec sessions.
IPSec can find matched tunnels directly by session, reducing the intermediate
matching procedures and therefore improving the forwarding efficiency. A session
is identified by the quintuplet of protocol, source IP address, source port,
destination IP address, and destination port.
matching procedures and therefore improving the forwarding efficiency. A session
is identified by the quintuplet of protocol, source IP address, source port,
destination IP address, and destination port.
Related command:
Example
# Display information about all IPSec sessions.
<Sysname> display ipsec session
------------------------------------------------------------
total sessions : 2
------------------------------------------------------------
tunnel-id : 3
session idle time/total duration (sec) : 36/300
session flow :
(8 times matched)
Sour Addr : 15.15.15.1
Sour Port:
0
Protocol : 1
Dest Addr : 15.15.15.2
Dest Port:
0
Protocol : 1
------------------------------------------------------------
tunnel-id : 4
session idle time/total duration (sec) : 7/300
session flow :
(3 times matched)
Sour Addr : 12.12.12.1
Sour Port:
0
Protocol : 1
Dest Addr : 13.13.13.1
Dest Port:
0
Protocol : 1
# Display information about the session with an IPSec tunnel ID of 5.
sa remaining key
duration
duration
Remaining lifetime of the SA
max received
sequence-number
sequence-number
Maximum sequence number of the received packets (relevant to the
anti-replay function provided by the security protocol)
anti-replay function provided by the security protocol)
udp encapsulation used
for nat traversal
for nat traversal
Whether NAT traversal is enabled for the SA
outbound
Information of the outbound SA
max sent
sequence-number
sequence-number
Maximum sequence number of the sent packets (relevant to the
anti-replay function provided by the security protocol)
anti-replay function provided by the security protocol)
Table 565 Description on the fields of the display ipsec sa command
Field Description