Allied Telesis AT-9900 用户手册
184
Enhancements to IPsec/VPN
Release Note
Software Version 2.8.1
C613-10477-00 REV B
C613-10477-00 REV B
show isakmp policy
Syntax
SHow ISAkmp POLicy[=name]
Figure 61: Modified example output from the show isakmp policy command for a
specific policy.
specific policy.
.
.
.
Message Time Out ...................... 20
Message Back-off ...................... Incremental
Exchange Delete Delay ................. 30
Source Interface ...................... -
VPN Client Policy File Name ........... -
Local ID .............................. -
Remote ID ............................. IPv4:192.68.1.2
DebugFlag ............................. 00000000
Retry IKE Attempts .................... 0
Current IKE Retries ................... 0
Required IKE Retry Phase .............. No Phases
SA Specification
Encryption Algorithm .................. DES - 56 bit
Hash Algorithm ........................ SHA
Group Description ..................... 1
DH Private Exponent Bits .............. 767
Heartbeat Mode ........................ NONE
Group Type ............................ MODP
Expiry Seconds ........................ 86400
Expiry Kilobytes ...................... 1000
NAT Traversal ......................... TRUE
Table 52: Modified parameters in output of the show isakmp policy command for specific
policy
policy
Parameter
Meaning
Message Back-off
The back-off pattern used when ISAKMP messages are
retransmitted. Either the back-off time between message
retransmissions gets larger (Incremental), or remains the
same (None).
retransmitted. Either the back-off time between message
retransmissions gets larger (Incremental), or remains the
same (None).
Retry IKE Attempts
The number of consecutive times that IKE attempts to
complete an exchange if exchange failures are occurring,
either a number from 0 to 16, or “continuous”. The value
is set using the retryikeattempts parameter in the set
iskamp policy command.
complete an exchange if exchange failures are occurring,
either a number from 0 to 16, or “continuous”. The value
is set using the retryikeattempts parameter in the set
iskamp policy command.
Current IKE Retries
The number of times that IKE has attempted to complete an
exchange and has been unsuccessful. This counter is for
consecutive attempts and is reset once an exchange is
successful. If the exchange is never successfully completed,
the number reached remains on this counter.
exchange and has been unsuccessful. This counter is for
consecutive attempts and is reset once an exchange is
successful. If the exchange is never successfully completed,
the number reached remains on this counter.
Required IKE Retry Phases
The phase or phases of IKE negotiation that have failed, and
need to be repeated, one of “No Phases”, “Phase 1”,
“Phase 2”, or “Phases 1 & 2”. “No Phases” indicates that
there are no outstanding IKE negotiations.
need to be repeated, one of “No Phases”, “Phase 1”,
“Phase 2”, or “Phases 1 & 2”. “No Phases” indicates that
there are no outstanding IKE negotiations.