display ike offline-info

Function

The display ike offline-info command displays information about deleted IPSec tunnels established through IKE negotiation.

Format

display ike offline-info [ peer remote-address ]

Parameters

Parameter	Description	Value
peer remote-address	Displays information about deleted IPSec tunnels with a specified remote IP address and established through IKE negotiation.	The value is in dotted decimal notation.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The command output contains the possible causes and time of the latest 200 IPSec tunnel deletions.

Example

Display information about deleted IPSec tunnels established through IKE negotiation.

<HUAWEI> display ike offline-info

  Current info Num :2 
  Ike offline information:
-----------------------------------------------------------------------------   
  peer              offline-reason              version     offline-time        
-----------------------------------------------------------------------------   
  2.1.1.2           dpd timeout                 v2          2017-02-18 02:12:39 
  2.1.1.2           dpd timeout                 v2          2017-02-18 01:17:06 
-----------------------------------------------------------------------------

**Table 1** Description of the **display ike offline-info** command output
Item	Description
Current info Num	Current number of information records.
Ike offline information	Information about IPSec tunnels established through IKE negotiation have been deleted.
peer	Peer IP address of a deleted IPSec tunnel.
offline-reason	Causes for deletion of IPSec tunnels established through IKE negotiation: dpd timeout: Dead peer detection (DPD) times out. peer request: The remote end has sent a message, asking the local end to tear down the tunnel. config modify or manual offline: An SA is deleted due to configuration modification or an SA is manually deleted. phase1 hard expiry: Hard lifetime expires in phase 1 (no new SA negotiation success message is received). phase2 hard expiry: Hard lifetime expires in phase 2. heartbeat timeout: heartbeat detection times out. modecfg address soft expiry: The IP address lease applied by the remote end from the server expires. re-auth timeout: An SA is deleted due to reauthentication timeout. aaa cut user: The AAA module disconnects users. hard expiry triggered by port mismatch: A hard timeout occurs due to mismatch NAT port number. spi conflict: An SPI conflict occurs. phase1 sa replace: The new IKE SA replaces the old IKE SA. phase2 sa replace: The new IPSec SA replaces the old IPsec SA. receive invalid spi notify: The device receives an invalid SPI notification. dns resolution status change: DNS resolution status changes. ikev1 phase1-phase2 sa dependent offline: The device deletes the associated IPSec SA when deleting an IKEv1 SA. exchange timeout: Packet interaction timeout.
version	IKE version.
offline-time	IPSec tunnel deletion time.