NOTE:
The
show ipsec ike-sa
command replaces the
show ike sa
command, which
may be removed completely in a future release.
•
Use to display IKE phase 1 SAs running on the router.
•
Field descriptions
•
Local:Port—Local IP address and UDP port number of phase 1 negotiation
•
Remote:Port—Remote IP address and UDP port number of phase 1 negotiation
•
Time(Sec)—Time remaining in phase 1 lifetime, in seconds
•
State—Current state of the phase 1 negotiation. Corresponds to the messaging state
in the main mode and aggressive mode negotiations. Possible states are:
•
AM_SA_I—Initiator has sent initial aggressive mode SA payload and key exchange
to the responder
•
AM_SA_R—Responder has sent aggressive mode SA payload and key exchange
to the initiator
•
AM_FINAL_I—Initiator has finished aggressive mode negotiation
•
AM_DONE_R—Responder has finished aggressive mode negotiation
•
MM_SA_I—Initiator has sent initial main mode SA payload to the responder
•
MM_SA_R—Responder has sent a response to the initial main mode SA
•
MM_KE_I—Initiator has sent initial main mode key exchange to the responder
•
MM_KE_R—Responder has sent a response to the key exchange
•
MM_FINAL_I—Initiator has sent the final packet in the main mode negotiation
•
MM_FINAL_R—Responder has finished main mode negotiation
•
MM_DONE_I—Initiator has finished main mode negotiation
•
DONE—Phase 1 SA negotiation is complete, as evidenced by receipt of some phase
2 messages
•
Local Cookie—Unique identifier (SPI) for the local phase 1 IKE SA
•
Remote Cookie—Unique identifier (SPI) for the remote phase 1 IKE SA
•
Example
host1#
show ipsec ike-sa
IKE Phase 1 SA's:
Local:Port Remote:Port Time(Sec) State Local Cookie Remote Cookie
195.0.0.100:500 195.0.0.200:500 1551 DONE 0x90ee723e6cb0c016 0xf7d3651e93d56431
195.0.0.100:500 195.0.0.200:500 1552 DONE 0x821bccf81dcedbb0 0x35152bdb7a9c734e
195.0.1.100:500 195.0.1.200:500 1687 DONE 0x1b4fbcebe36d1b16 0xed742166a305a6a0
Copyright © 2010, Juniper Networks, Inc.
162
JunosE 11.2.x IP Services Configuration Guide
Содержание JUNOSE 11.2.X IP SERVICES
Страница 6: ...Copyright 2010 Juniper Networks Inc vi...
Страница 8: ...Copyright 2010 Juniper Networks Inc viii JunosE 11 2 x IP Services Configuration Guide...
Страница 18: ...Copyright 2010 Juniper Networks Inc xviii JunosE 11 2 x IP Services Configuration Guide...
Страница 22: ...Copyright 2010 Juniper Networks Inc xxii JunosE 11 2 x IP Services Configuration Guide...
Страница 28: ...Copyright 2010 Juniper Networks Inc 2 JunosE 11 2 x IP Services Configuration Guide...
Страница 116: ...Copyright 2010 Juniper Networks Inc 90 JunosE 11 2 x IP Services Configuration Guide...
Страница 144: ...Copyright 2010 Juniper Networks Inc 118 JunosE 11 2 x IP Services Configuration Guide...
Страница 230: ...Copyright 2010 Juniper Networks Inc 204 JunosE 11 2 x IP Services Configuration Guide...
Страница 262: ...Copyright 2010 Juniper Networks Inc 236 JunosE 11 2 x IP Services Configuration Guide...
Страница 294: ...Copyright 2010 Juniper Networks Inc 268 JunosE 11 2 x IP Services Configuration Guide...
Страница 328: ...Copyright 2010 Juniper Networks Inc 302 JunosE 11 2 x IP Services Configuration Guide...
Страница 345: ...PART 2 Index Index on page 321 319 Copyright 2010 Juniper Networks Inc...
Страница 346: ...Copyright 2010 Juniper Networks Inc 320 JunosE 11 2 x IP Services Configuration Guide...
Страница 356: ...Copyright 2010 Juniper Networks Inc 330 JunosE 11 2 x IP Services Configuration Guide...