display ipsec policy

Function

The display ipsec policy command displays information about the IPSec policy.

This command is supported only on the NetEngine 8000 F1A.

Format

display ipsec policy [ { name mapname [ sequencenumber ] } | brief ]

Parameters

Parameter	Description	Value
name mapname	Indicates the name of an IPSec policy.	It is a string of 1 to 15 case sensitive characters.
sequencenumber	Indicates the sequence number of an IPSec policy.	It is an integer that ranges from 1 to 10000, where a smaller value indicates a higher priority.
brief	Displays brief information about all the IPSec policies.	-

Parameter

Description

Value

name mapname

Indicates the name of an IPSec policy.

It is a string of 1 to 15 case sensitive characters.

sequencenumber

Indicates the sequence number of an IPSec policy.

It is an integer that ranges from 1 to 10000, where a smaller value indicates a higher priority.

brief

Displays brief information about all the IPSec policies.

Views

All views

Default Level

1: Monitoring level

Task Name and Operations

Task Name	Operations
ike	read

Usage Guidelines

The display ipsec policy brief command displays the following brief information about the IPSec policies. In this case, the information is displayed in brief format.

Name and sequence number
Negotiation mode
ACL number
IKE peer
Local address
Remote address
Using the name parameter, you can view details on the specified IPSec policy. In this case, the information is displayed in detailed format.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display detailed information about the IPsec policy named pol1.

<HUAWEI> display ipsec policy name pol1

===========================================
IPsec Policy Group: "pol1"
Using interface: {Tunnel1}
===========================================

  -----------------------------
  IPsec policy name: "pol1"
  sequence number: 1
  mode: isakmp
  -----------------------------
    security data flow: 3000
    ike-peer name: peer1 
    perfect forward secrecy: None
    proposal name: p1
    IPsec sa local duration(time based): 3600 seconds 
    IPsec sa local duration(traffic based): 1843200 kilobytes

# Display brief information about all the IPSec policies.

<HUAWEI> display ipsec policy brief
current ipsec policy number: 1 
-----------------------------------------------------------------------------------
IPsec-Policy-Name  Mode     acl  ike-peer         Local-Address   Remote-Address   
-----------------------------------------------------------------------------------
policy1-1          isakmp   3001

**Table 1** Description of the **display ipsec policy** command output
Item	Description
IPsec Policy Group	Name of an IPsec policy group.
IPsec policy name	Name of an IPsec policy.
IPsec sa local duration(time based)	Time-based remaining SA lifecycle (seconds).
IPsec sa local duration(traffic based)	Traffic-based remaining SA lifecycle.
Using interface	Name of the interface to which a policy is applied.
sequence number	Sequence number of an IPsec policy.
security data flow	Security data flow.
ike-peer	Indicates IKE peer involved.
ike-peer name	Name of an IKE peer.
perfect forward secrecy	Forward consistency check.
proposal name	IPsec proposal name.
current ipsec policy number	Indicates the number of the current IPSec policy.
IPsec-Policy-Name	Indicates name and sequence number of an IPSec policy.
Mode	Indicates negotiation method used by an IPSec policy.
acl	Indicates ACL used by an IPSec policy.
Local-Address	Indicates local IP address.
Remote-Address	Indicates remote IP address.
mode	Policy mode, template or isakmp.