display ipsec sa manual

Function

The display ipsec sa command displays information about a Security Association (SA).

Format

display ipsec sa manual [ [ brief ] | name sa-name [ brief ] ]

Parameters

Parameter	Description	Value
brief	Displays brief information of the SA, such as the SA name and the Security Parameter Index (SPI) value.	-
name sa-name	Specifies an SA name.	It is a string of 1 to 15 case-sensitive characters, spaces not supported. The characters can be letters or numbers, hyphens (-) not supported. When double quotation marks are used around the string, spaces are allowed in the string.
manual	Specifies a manual SA.	-

Parameter

Description

Value

brief

Displays brief information of the SA, such as the SA name and the Security Parameter Index (SPI) value.

name sa-name

Specifies an SA name.

It is a string of 1 to 15 case-sensitive characters, spaces not supported. The characters can be letters or numbers, hyphens (-) not supported. When double quotation marks are used around the string, spaces are allowed in the string.

manual

Specifies a manual SA.

Views

All views

Default Level

1: Monitoring level

Task Name and Operations

Task Name	Operations
ipsec	read

Usage Guidelines

Usage Scenario

You can run the display ipsec sa command to check whether the SA configurations for outgoing protocol packets on the local end are identical with those for incoming protocol packets on the peer end. The display ipsec sa command output displays the following information:

SA name
Security proposal applied to the SA
Number of times the SA is applied
SA configurations for incoming Authentication Header (AH)
SA configurations for outgoing AH
SA configurations for incoming Encapsulating Security Payload (ESP)
SA configurations for outgoing ESP

Example

The actual command output varies according to the device. The command output here is only an example.

# Display configurations of the SA.

<HUAWEI> display ipsec sa manual
  Total Manual IP security association number: 1

  IP security association name: 1
  Number of references: 0
    proposal name: 
    State: InComplete
    inbound AH setting: 
      AH spi:
      AH string-key: 
      AH authentication hex key: 
    inbound ESP setting: 
      ESP spi:
      ESP string-key: 
      ESP encryption hex key: 
      ESP authentication hex key: 
    outbound AH setting: 
      AH spi:
      AH string-key: 
      AH authentication hex key: 
    outbound ESP setting: 
      ESP spi:
      ESP string-key: 
      ESP encryption hex key: 
      ESP authentication hex key:

**Table 1** Description of the **display ipsec sa manual** command output
Item	Description
Total Manual IP security association number	Number of all manual IPsec SAs.
IP security association name	Name of a manual IPsec SA.
Number of references	Number of times the SA is applied.
proposal name	Security proposal applied to the SA.
inbound AH setting	SA configurations for incoming AH.
inbound ESP setting	SA configurations for incoming ESP.
AH spi	SPI for AH.
AH string-key	Authentication key for AH in the string format displayed in cipher text.
AH authentication hex key	Authentication key for AH in cipher text.
ESP spi	SPI for ESP.
ESP string-key	Authentication key for ESP in the string format displayed in cipher text.
ESP encryption hex key	Encryption key for ESP in cipher format.
ESP authentication hex key	Authentication key for ESP in cipher text.
outbound AH setting	SA configurations for outgoing AH.
outbound ESP setting	SA configurations for outgoing ESP.
State	State of an SA: Complete. Incomplete.