| Parameter | Description | Value |
|---|---|---|
| brief | Displays brief information about Efficient VPN policies. | - |
| capability | Displays the IPSec configuration supported by an Efficient VPN policy. | - |
| name efficient-vpn-name | Displays information about a specified Efficient VPN policy. | The value is an existing Efficient VPN policy name. |
After an Efficient VPN policy is configured, you can run this command to view its configuration, such as the name, interface, authentication method, IKE version, DH algorithm, and PFS algorithm of the Efficient VPN policy.
# Display brief information about Efficient VPN policies.
<HUAWEI> display ipsec efficient-vpn brief
Total number of IPSec efficient-vpn: 1
Efficient-vpn name Efficient-vpn mode
------------------------------------------
v1 client
# Display information about the Efficient VPN policy named easyvpn_1.
<HUAWEI> display ipsec efficient-vpn name easyvpn_1
===========================================
IPSec efficient-vpn name: easyvpn_1
Using interface : Vlanif27
===========================================
IPSec Efficient-vpn Mode : 1 (1:Client 2:Network 3:Network-plus)
ACL Number :
Auth Method : 8 (8:PSK)
VPN name : wbh
Local ID Type : 11 (1:IP 2:Name 3:User-fqdn 11:Key-id)
IKE Version : 2 (1:IKEv1 2:IKEv2)
Remote Address : 10.10.10.1
Pre Shared Key Cipher : %^%#0vV`9|cDwFsNVs-ga@YF,b~X@EApDU$nJ!E1B+!1%^%#
DH Group : DH group 14
PFS Type : DH group 14
Remote Name :
Re-auth interval : 400 seconds
Anti-replay window size : 0
Service-scheme name : ser
DPD message type : seq-notify-hash
DPD message learning : enable
Interface loopback : LoopBack0
Interface loopback IP : 1.1.1.1/32
| Item | Description |
|---|---|
| Total number of IPSec efficient-vpn | Total number of Efficient VPN policies. |
| Efficient-vpn name/IPSec Efficient-vpn Name | Name of the Efficient VPN policy. To configure an Efficient VPN policy, run the ipsec efficient-vpn (system view) command. |
| Using interface | Interface to which an Efficient VPN policy is applied. |
| Efficient-vpn mode/IPSec Efficient-vpn Mode | Mode used by the Efficient VPN policy. |
| ACL Number | ACL used by the Efficient VPN policy. To configure an ACL referenced by an Efficient VPN policy, run the security acl command. |
| Auth Method | Authentication method used by the Efficient VPN policy: pre-shared key authentication (8). |
| VPN name | Name of the VPN instance bound to the Efficient VPN policy. To bind a VPN instance to an Efficient VPN policy, run the sa binding vpn-instance (Efficient VPN policy view) command. |
| Local ID Type | Local ID type in IKE negotiation. To set the local ID type, run the local-id-type command. |
| IKE Version | Configured IKE version: |
| Remote Address | IP address of the remote IKE peer. To configure the remote IP address, run the remote-address command. |
| Pre Shared Key Cipher | Pre-shared key. To configure a pre-shared key, run the pre-shared-key (Efficient VPN policy view) command. |
| DH Group | DH group used in IKE negotiation. To specify a DH group, run the dh command. |
| PFS Type | Perfect Forward Secrecy (PFS) used in IKE negotiation. To specify a PFS, run the pfs command. |
| Remote Name | Remote name used in IKE negotiation. |
| Re-auth interval | IKEv2 re-authentication interval. To configure an IKEv2 re-authentication interval, run the re-authentication interval command. |
| Anti-replay window size | IPSec anti-replay window size. This field is available only when the IPSec anti-replay function is enabled. To set the IPSec anti-replay window size, run the anti-replay window command. When the value is 0, the IPSec anti-replay function is enabled in the system view. To enable this function, run the ipsec anti-replay enable command. |
| Service-scheme name | Name of the bound service scheme. To configure the name of the bound service scheme, run the service-scheme command. |
| DPD message type | Sequence of the payload in DPD packets. |
| DPD message learning | Whether automatic learning of the payload sequence of DPD packets is enabled. To configure the automatic learning function, run the dpd msg notify-hash-sequence learning command. |
| Interface loopback | Number of the loopback interface. The loopback interface is dynamically created on the remote device and is used to establish an IPSec tunnel with the Efficient VPN server. |
| Interface loopback IP | IP address of the loopback interface, which is allocated by the Efficient VPN server to the remote device. |
# Display the IPSec configuration supported by an Efficient VPN policy.
<HUAWEI> display ipsec efficient-vpn capability
IKEv1 Global Supported Algorithms
-------------------------------------------------------
Supported DH Groups: DH_GROUP1 | DH_GROUP2 | DH_GROUP5 | DH_GROUP14 | DH_GROUP19 | DH_GROUP20 | DH_GROUP21
Supported Encryption Algorithms: DES | 3DES | AES128 | AES192 | AES256
Supported Authentication Algorithms: MD5 | SHA1 | SHA2-256 | SHA2-384 | SHA2-512
Supported Authentication Methods: Pre Shared Key
IKEv2 Global Supported Algorithms
-------------------------------------------------------
Supported DH Groups: DH_GROUP1 | DH_GROUP2 | DH_GROUP5 | DH_GROUP14 | DH_GROUP19 | DH_GROUP20 | DH_GROUP21
Supported Encryption Algorithms: DES | 3DES | AES128 | AES192 | AES256
Supported Integrity Algorithms: MD5 | SHA1 | AES-XCBC-96 | SHA2-256 | SHA2-384 | SHA2-512
Supported PRF: PRF-MD5 | PRF-SHA1 | PRF-AES-XCBC-128 | PRF-SHA2-256 | PRF-SHA2-384 | PRF-SHA2-512
IPSEC Global Supported Algorithms
-------------------------------------------------------
Supported Security Protocols: ESP
Supported Encapsulation Modes: TUNNEL
Supported Authentication Algorithms: MD5 | SHA1 | SHA256 | SHA384 | SHA512
Supported Encryption Algorithms: DES | 3DES | AES128 | AES192 | AES256
The MD5 and SHA-1 authentication algorithms have security risks; therefore, you are advised to use SHA-2 preferentially.
The DES and 3DES encryption algorithms have security risks; therefore, you are advised to use AES preferentially.
The PRF-MD5 and PRF-SHA1 algorithms have security risks; therefore, you are advised to use PRF-AES-XCBC-128 or SHA-2 preferentially.
| Item | Description |
|---|---|
| IKEv1 Global Supported Algorithms | Supported algorithms when IKEv1 is specified in the Efficient VPN policy. The server can use only the supported algorithms to negotiate with the remote device. |
| Supported DH Groups | Supported DH groups when IKEv1 or IKEv2 is used. |
| Supported Encryption Algorithms | Supported encryption algorithms when IKEv1 or IKEv2 is used. |
| Supported Authentication Algorithms | Supported authentication algorithms when IKEv1 is used. To configure an authentication algorithm on the server. |
| Supported Authentication Methods | Supported authentication methods when IKEv1 is used: Pre Shared Key (pre-shared key authentication). |
| IKEv2 Global Supported Algorithms | Supported algorithms when IKEv2 is specified in the Efficient VPN policy. The server can use only the supported algorithms to negotiate with the remote device. |
| Supported Integrity Algorithms | Supported integrity algorithms when IKEv2 is used. To configure an integrity algorithm on the server. |
| Supported PRF | Supported PRF algorithms when IKEv2 is used. |
| IPSEC Global Supported Algorithms | Algorithms supported by the system. |
| Supported Security Protocols | Security protocol supported by IPSec: ESP. |
| Supported Encapsulation Modes | Encapsulation mode supported by IPSec: tunnel mode. |
| Supported Authentication Algorithms | Authentication algorithm supported by IPSec. |
| Supported Encryption Algorithms | Encryption algorithm supported by IPSec. |
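
An added example (not Huawei's code): a Python check that parses the `display ipsec efficient-vpn capability` output shown above and lists every supported algorithm that the notes on this page flag as having security risks (MD5, SHA1, DES, 3DES, PRF-MD5, PRF-SHA1). The function names and the embedded sample text, copied from the output on this page, are assumptions made for this illustration.

```python
import re

# Algorithms the notes on this page flag as having security risks.
RISKY = {"MD5", "SHA1", "DES", "3DES", "PRF-MD5", "PRF-SHA1"}
# Sample input: the capability output from this page, one field per line.
SAMPLE = """\
IKEv1 Global Supported Algorithms
-------------------------------------------------------
Supported DH Groups: DH_GROUP1 | DH_GROUP2 | DH_GROUP5 | DH_GROUP14 | DH_GROUP19 | DH_GROUP20 | DH_GROUP21
Supported Encryption Algorithms: DES | 3DES | AES128 | AES192 | AES256
Supported Authentication Algorithms: MD5 | SHA1 | SHA2-256 | SHA2-384 | SHA2-512
Supported Authentication Methods: Pre Shared Key
IKEv2 Global Supported Algorithms
-------------------------------------------------------
Supported DH Groups: DH_GROUP1 | DH_GROUP2 | DH_GROUP5 | DH_GROUP14 | DH_GROUP19 | DH_GROUP20 | DH_GROUP21
Supported Encryption Algorithms: DES | 3DES | AES128 | AES192 | AES256
Supported Integrity Algorithms: MD5 | SHA1 | AES-XCBC-96 | SHA2-256 | SHA2-384 | SHA2-512
Supported PRF: PRF-MD5 | PRF-SHA1 | PRF-AES-XCBC-128 | PRF-SHA2-256 | PRF-SHA2-384 | PRF-SHA2-512
IPSEC Global Supported Algorithms
-------------------------------------------------------
Supported Security Protocols: ESP
Supported Encapsulation Modes: TUNNEL
Supported Authentication Algorithms: MD5 | SHA1 | SHA256 | SHA384 | SHA512
Supported Encryption Algorithms: DES | 3DES | AES128 | AES192 | AES256
"""

def parse_capability(text):
    """Return {section: {field: [values]}} parsed from the command output."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"} or line.startswith("<"):
            continue  # skip blank lines, ruler lines and the CLI prompt line
        header = re.fullmatch(r"(\S+) Global Supported Algorithms", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            field, _, values = line.partition(":")
            current[field.strip()] = [v.strip() for v in values.split("|") if v.strip()]
    return sections

def risky_algorithms(sections):
    """List (section, field, algorithm) for each supported algorithm in RISKY.
    Tokens are compared whole, so SHA2-256 or AES-XCBC-96 never match SHA1/DES."""
    return [(s, f, a) for s, fields in sections.items()
            for f, algs in fields.items() for a in algs if a in RISKY]

if __name__ == "__main__":
    print(*risky_algorithms(parse_capability(SAMPLE)), sep="\n")
```

A finding here means the algorithm is available for negotiation on the device, not that an existing tunnel is using it.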