display ipsec sa duration

Function

The display ipsec sa duration command displays the Security Association (SA) duration.

Format

display ipsec sa [ vpn ] duration

Parameters

Parameter Description Value
vpn

Indicates the VPN on the ciphertext side.

-
duration

Indicates the SA duration.

-

Views

All views

Default Level

1: Monitoring level

Task Name and Operations

Task Name Operations
ipsec read

Usage Guidelines

You can run the display ipsec sa command to check whether the SA configurations for outgoing protocol packets on the local end are identical with those for incoming protocol packets on the peer end. The display ipsec sa command output displays the following information:

  • SA name
  • Security proposal applied to the SA
  • Number of times the SA is applied
  • SA configurations for incoming Authentication Header (AH)
  • SA configurations for outgoing AH
  • SA configurations for incoming Encapsulating Security Payload (ESP)
  • SA configurations for outgoing ESP

Example

The actual command output varies according to the device. The command output here is only an example.

# Display the SA duration.
<HUAWEI> display ipsec sa duration
 IPsec sa global duration(traffic based): 1843200 kilobytes
 IPsec sa global duration(time based): 3600 seconds
Table 1 Description of the display ipsec sa duration command output
Item Description
IPsec sa global duration(traffic based)

Indicates the traffic-based global IPSec SA duration.
IPsec sa global duration(time based)

Indicates the time-based global IPSec SA duration.
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >