No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display ipsec global config

display ipsec global config

Function

The display ipsec global config command displays the global IPSec configuration.

Format

display ipsec global config

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display the global IPSec configuration.

<Huawei> display ipsec global config
IPSec Global Config:                                                            
--------------------------------------------------------------                  
  IPSec sa global-duration time-based(seconds)   : 3600                         
  IPSec sa global-duration traffic-based(kbytes) : 1843200                      
  IPSec anti-replay                              : enable                       
  IPSec df-bit                                   : copy                         
  IPSec fragmentation                            : disable 
  IPSec invalid-spi-recovery                     : disable 
--------------------------------------------------------------                  
Table 10-26  Description of the display ipsec global config command output

Item

Description

IPSec sa global-duration time-based

Global time-based SA lifetime, in seconds. To set the global time-based SA lifetime, run the ipsec sa global-duration time-based command.

IPSec sa global-duration traffic-based

Global traffic-based SA lifetime, in Kbytes. To set the global traffic-based SA lifetime, run the ipsec sa global-duration traffic-based command.

IPSec anti-replay

Whether the anti-replay function is enabled. To enable the anti-replay function, run the ipsec anti-replay command.

IPSec df-bit

DF flag bit of the IPSec tunnel:
  • clear: The DF flag bit is set to 0, indicating that IP packets can be fragmented.
  • set: The DF flag bit is set to 1, indicating that IP packets cannot be fragmented.
  • copy: The flag bit of the original packet is used.
To set the DF flag bit, run the ipsec df-bit command.

IPSec fragmentation

IPSec packet fragmentation mode:
  • enable: IPSec packets are fragmented before encryption.
  • disable: IPSec packets are fragmented after encryption.
To configure a fragmentation mode of IPSec packets, run the ipsec fragmentation command.
IPSec invalid-spi-recovery

Whether the invalid SPI recovery function is enabled.

  • enable: The invalid SPI recovery function is enabled.
  • disable: The invalid SPI recovery function is disabled.

To configure invalid SPI recovery, run the ipsec invalid-spi-recovery enable command.

Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 50071

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next