FAQ-How to display the number of IPSec tunnels

Publication Date:  2015-07-01 Views:  234 Downloads:  0
Issue Description
How to display the number of IPSec tunnels?
Solution
Run the display ike sa command in any view. The system displays the number of SAs in phase 2. Alternatively, run the display ipsec sa brief command in any view. current ipsec tunnel number is the number of IPSec tunnels.

For example, the following output indicates that two tunnels are set up:

<sysname> display ike sa
current ike sa number: 3
-----------------------------------------------------------------------------
conn-id    peer                    flag          phase vpn
-----------------------------------------------------------------------------
40003      100.1.4.2               RD|ST         v2:2  public
40002      100.1.4.2               RD|ST         v2:2  public
40001      100.1.4.2               RD|ST         v2:1  public

  flag meaning
  RD--READY    ST--STAYALIVE  RL--REPLACED      FD--FADING
  TO--TIMEOUT  TD--DELETING   NEG--NEGOTIATING  D--DPD

The following output indicates that one tunnel is set up:

<sysname> display ipsec sa brief

current ipsec sa number: 2
current ipsec tunnel number: 1
--------------------------------------------------------------
Src Address     Dst Address     SPI         Protocol  Algorithm
-------------------------------------------------------------------
10.10.10.1     202.38.160.2     142427840   ESP       E:AES;A:HMAC-SHA1-96;
202.38.160.2   10.10.10.1       52885424    ESP       E:AES;A:HMAC-SHA1-96; 

END