Field                                     Description
Perfect Forward Secrecy                   Perfect forward secrecy (PFS) used by the IPsec policy for negotiation:
                                          • 768-bit Diffie-Hellman group (dh-group1)
                                          • 1024-bit Diffie-Hellman group (dh-group2)
                                          • 1536-bit Diffie-Hellman group (dh-group5)
                                          • 2048-bit Diffie-Hellman group (dh-group14)
                                          • 2048-bit and 256-bit subgroup Diffie-Hellman group (dh-group24)
Path MTU                                  Path MTU of the IPsec SA.
Tunnel                                    Local and remote addresses of the IPsec tunnel.
local address                             Local end IP address of the IPsec tunnel.
remote address                            Remote end IP address of the IPsec tunnel.
Flow                                      Information about the data flow protected by the IPsec tunnel.
sour addr                                 Source IP address of the data flow.
dest addr                                 Destination IP address.
port                                      Port number.
protocol                                  Protocol type.
SPI                                       SPI of the IPsec SA.
Transform set                             Security protocol and algorithms used by the IPsec transform set.
SA duration (kilobytes/sec)               IPsec SA lifetime, in kilobytes or seconds.
SA remaining duration (kilobytes/sec)     Remaining IPsec SA lifetime, in kilobytes or seconds.
Max received sequence-number              Maximum sequence number in the received packets.
Max sent sequence-number                  Maximum sequence number in the sent packets.
Anti-replay check enable                  Whether anti-replay checking is enabled.
UDP encapsulation used for NAT traversal  Whether NAT traversal is used by the IPsec SA.
Status                                    IPsec SA stateful failover status: active or backup.
No duration limit for this SA             Manual IPsec SAs do not have a lifetime.
Related commands
• ipsec sa global-duration
• reset ipsec sa
display ipsec statistics
Use display ipsec statistics to display IPsec packet statistics.