< Home

display ipsec sa

Function

The display ipsec sa command displays information about a Security Association (SA).

Format

display ipsec sa [ name sa-name ] [ brief ]

Parameters

Parameter Description Value
name sa-name Specifies the SA name.

The value is an existing SA name.
brief Displays brief information of the SA, such as the SA name and the Security Parameter Index (SPI) value. -

Views

All views

Default Level

1: Monitoring Level

Usage Guidelines

Usage Scenario

You can run the display ipsec sa command to check whether the SA configurations for outgoing packets on the local end are identical with those for incoming packets on the peer end. The display ipsec sa command output displays the following information:

  • SA name

  • Security proposal applied to the SA

  • Number of times the SA is applied

  • SA configurations for incoming Authentication Header (AH) packets

  • SA configurations for outgoing AH packets

  • SA configurations for incoming Encapsulating Security Payload (ESP) packets

  • SA configurations for outgoing ESP packets

Example

# Display configurations of the SA.

<HUAWEI> display ipsec sa
  IP security association name: sa1  
  Number of references: 0  
    proposal name: prop1  
    inbound AH setting:   
      AH spi:      
      AH string-key:  
      AH authentication hex key: %^%#0D_@HS5002;U1AR{t$3W:H188Ghs~N'_r`Y&R<j70V5-,r-NF(z!92N)oSNA%^%#
    inbound ESP setting:  
      ESP spi:   
      ESP string-key:  
      ESP encryption hex key: %^%#A*v9(B!U3U%*HL%Rod;%|G}F;B3[5%q#VMTG#9EP%^%#
      ESP authentication hex key: %^%#w_eeVg;FD3ybX!(2&P2ecMN%'JMGWXm^bR#qcUNKj_3AGrb@#\B4(Vn5cYC%^%#
    outbound AH setting: 
      AH spi:
      AH string-key:
      AH authentication hex key: %^%#jp!o1aA7qD^qMN&yI4M8nG_(~~O.{8;tyqI3%o5M4&L@G]rJw/au]r'm=j^9%^%#
    outbound ESP setting: 
      ESP spi:   
      ESP string-key:
      ESP encryption hex key: %^%#".dAYkLlqV_o-'SI0.":&<M';66l4UGMEjB9Cl\S%^%#
      ESP authentication hex key: %^%#Nkz8Z-sF*Pw3clT]@_F9B4:8>RIwc'r#sCJl0N[;{drLI|%uU5lVUWQkY3p1%^%#
Table 1 Description of the display ipsec sa command output

Item

Description

IP security association name

SA name

Number of references

Number of times the SA is applied

proposal name

Security proposal applied to the SA

inbound AH setting

SA configurations for incoming AH packets

AH spi

SPI for AH

AH string-key

Authentication key for AH in the string format displayed in cipher text

AH authentication hex key

Authentication key for AH in cipher text

inbound ESP setting

SA configurations for incoming ESP packets

ESP spi

SPI for ESP

ESP string-key

Authentication key for ESP in the string format displayed in cipher text

ESP encryption hex key

Encryption key for ESP in cipher format

ESP authentication hex key

Authentication key for ESP in cipher text

outbound AH setting

SA configurations for outgoing AH packets

outbound ESP setting

SA configurations for outgoing ESP packets
Parent Topic: IPSec Configuration Commands (IPSec Encryption)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >