Display ipsec sa policy – Panasonic 8000 User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS__________

2 IPSec and IKE troubleshooting

You can use the ipsec sa global-duration time-based command to modify the global SA
duration.

IPsec sa local durat^ion(t^raffic based): 1843200 ki^lobytes

The display indicates the traffic-based SA duration.

You can use the sa duration traffic-based command to modify the configuration.

If no SA duration is configured in the policies, use the configured global traffic-based SA
duration. You can use the ipsec sa global-duration traffic-based command to modify the
global SA duration.

display ipsec sa policy

<RouterA> display ipsec sa policy map1

Interface: Ethernet0/2/0

path MTU : 1500

IPsec policy name: "map1"

sequence number: 10

mode: manual

encapsulation mode: tunnel

tunnel local : 202.38 .163.1 tunnel remote: 202.38.162.1

[inbound ESP SAs]

sp^: 54321 (0xd431)

proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1

No duration lim^t for this sa

[outbound ESP SAs]

sp^: 12345 (0x3039)

proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1

No duration lim^t for this sa

IPsec policy name: "map1"

sequence number: 10

The display indicates that the SA uses the matching policy with the name map1 and sequence
number 10.

mode: manual

The display indicates that the SA uses the matching policy manually configured.

encapsulation mode: tunnel

The display indicates that the SA uses the tunnel encapsulation mode.

tunnel local : 202.38 .163.1 tunnel remote: 202.38.162.1

The display indicates that the start and end port protected by SA are 202.38.163.1 and
202.38.162.1 respectively.

[inbound ESP SAs]

sp^: 54321 (0xd431)

proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1

No duration lim^t for this sa

Issue 01.01 (30 March 2009)

Nortel Networks Inc.

2-55