H3C Technologies H3C SecPath F1000-E User Manual

Page 218

1 1.1.1.2 RD 1 IPSEC

flag meaning

RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT

You can also view the IPsec SA information.

[SecPathB] display ipsec sa

===============================

Interface: Tunnel1

path MTU: 1443

===============================

-----------------------------

IPsec policy name: "btoa"

sequence number: 1

mode: tunnel

-----------------------------

connection id: 3

encapsulation mode: tunnel

perfect forward secrecy:

tunnel:

local address: 1.1.1.1

remote address: 1.1.1.2

flow :

sour addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP

dest addr: 0.0.0.0/0.0.0.0 port: 0 protocol: IP

[inbound ESP SAs]

spi: 1974923076 (0x75b6ef44)

proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5

sa duration (kilobytes/sec): 1843200/3600

sa remaining duration (kilobytes/sec): 1843199/3503

max received sequence-number: 5

anti-replay check enable: Y

anti-replay window size: 32

udp encapsulation used for nat traversal: N

[outbound ESP SAs]

spi: 2364632148 (0x8cf16c54)

proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5

sa duration (kilobytes/sec): 1843200/3600

sa remaining duration (kilobytes/sec): 1843199/3503

max sent sequence-number: 6

udp encapsulation used for nat traversal: N
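
When verifying a tunnel from this output, it is worth checking the negotiated transforms and the anti-replay setting of each SA, not only that the SAs exist. The following is an added example, not part of the H3C manual: a small Python parser for the `display ipsec sa` layout shown above that reports DES and HMAC-MD5 proposals (both "MUST NOT" in RFC 8221) and inbound SAs without anti-replay. The sample text is constructed from the values on this page, and reading the algorithm from the last part of each proposal token is an assumption.

```python
import re

# Constructed sample in the layout of the `display ipsec sa` output above.
SAMPLE = """\
IPsec policy name: "btoa"
[inbound ESP SAs]
spi: 1974923076 (0x75b6ef44)
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
anti-replay check enable: Y
[outbound ESP SAs]
spi: 2364632148 (0x8cf16c54)
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
"""

SECTION = re.compile(r"^\[(inbound|outbound) (\w+) SAs\]$")
FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")
# Assumption: the algorithm is the last "-"-separated part of each proposal token.
WEAK = {"DES": "DES encryption (MUST NOT per RFC 8221)",
        "MD5": "HMAC-MD5 integrity (MUST NOT per RFC 8221)"}

def parse_sas(text):
    """Return one dict per [inbound|outbound ... SAs] section."""
    sas, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            current = {"direction": section.group(1), "protocol": section.group(2)}
            sas.append(current)
            continue
        field = FIELD.match(line)
        if current is not None and field:  # fields before the first section are skipped
            current[field.group(1).lower()] = field.group(2).strip()
    return sas

def audit(sas):
    """Return (sa label, finding) pairs for weak transforms or disabled anti-replay."""
    findings = []
    for sa in sas:
        spi = (sa.get("spi") or "?").split()[0]
        label = f"{sa['direction']} {sa['protocol']} spi {spi}"
        for token in sa.get("proposal", "").split():
            alg = token.rsplit("-", 1)[-1]
            if alg in WEAK:
                findings.append((label, WEAK[alg]))
        if sa["direction"] == "inbound" and sa.get("anti-replay check enable") != "Y":
            findings.append((label, "anti-replay check not enabled"))
    return findings

if __name__ == "__main__":
    for label, finding in audit(parse_sas(SAMPLE)):
        print(f"{label}: {finding}")
```

Blank lines between fields, as in the output on this page, are skipped by the parser.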

On SecPath B, ping the IP address of the interface on SecPath A that connects to the branch.

[SecPathB] ping -a 192.168.1.1 172.17.17.1

PING 172.17.17.1: 56 data bytes, press CTRL_C to break

Reply from 172.17.17.1: bytes=56 Sequence=1 ttl=255 time=15 ms

Reply from 172.17.17.1: bytes=56 Sequence=2 ttl=255 time=10 ms
