NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Verifying the Manual IPsec Configuration

After configuring Internet Protocol Security, you can view the IPsec configurations.

Prerequisites

All configurations of the security proposal and SA are complete.

Procedure

  1. Run the display ipsec sa manual [ brief | name sa-name [ brief ] ] command to check information about the SA.
  2. Run the display ipsec proposal [ name proposal-name | brief ] command to check information about the security proposal.
  3. Run the display ipsec statistics [ sa-name sa-name ] [ slot slot-number ] command to check statistics about protocol packets processed by IPsec.

Example

Run the display ipsec sa command to view information about the security proposal, SPI, and authentication key applied to an SA. Details are as follows:

<HUAWEI> display ipsec sa
Total Manual  IP security association number: 1

IP security association name: sa1
Number of references: 0   
  proposal name: p1
 State: Complete
  inbound AH setting: 
     AH spi: 267 (0x10b)
     AH string-key: 
     AH authentication hex key: $@$@'RCZaI8Z:_E!Q8T!3,AO_OKZ>\U!O]*>(U(9CS9!$@$@
  inbound ESP setting: 
     ESP spi: 789 (0x315)
     ESP string-key: DN]I8$];]3+Q=^Q`MAF4<1!!
     ESP encryption hex key: 
     ESP authentication hex key: 
  outbound AH setting: 
     AH spi: 267 (0x10b)
     AH string-key: 
     AH authentication hex key: $@$@'RCZaI8Z:_E!Q8T!3,AO_OKZ>\U!O]*>(U(9CS9!$@$@
  outbound ESP setting: 
     ESP spi: 789 (0x315)
     ESP string-key: DN]I8$];]3+Q=^Q`MAF4<1!!
     ESP encryption hex key: 
     ESP authentication hex key:                

IKE IP Security Association :
================================== 
IPSEC SA Information for Slot : 9
==================================
                
=============================== 

Interface: Tunnel1

===============================
                
  -----------------------------
  IPsec policy name: "pol1"
  sequence number: 1
  instance id: 0
  mode: isakmp  
  vpn: - 
  ext: M|B
  -----------------------------

    connection id: 299
    rule number: 1
    encapsulation mode: tunnel
    tunnel local : 11.1.1.1    tunnel remote: 11.1.1.2
    flow      source: 10.1.1.1/255.255.255.255 0-65535 0 0x0 
    flow destination: 11.10.1.2/255.255.255.255 0-65535 0 0x0                 
    input/output security packets: 1231231/2342424
    input/output security bytes: 234234242/6575675765
    input/output bandwidth limit drop packets: 1231231/2342424
    input/output bandwidth limit drop bytes: 234234242/6575675765

    [inbound ESP SAs] 
      establish: 2014-08-06 04:57:54 
      spi: 4280635 (0x41513b)
      vpn: - said: 47
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (kilobytes/sec): 0/2850
      max received sequence-number: 10
      udp encapsulation used for nat traversal: N
    [outbound ESP SAs] 
      establish: 2014-08-06 04:57:54 
      spi: 4141662315 (0xf6dcc06b)
      vpn: - said: 48
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (kilobytes/sec): 0/2850
      max sent sequence-number: 10
      udp encapsulation used for nat traversal: N

Run the display ipsec proposal [ name proposal-name | brief ] command to view the encapsulation mode, security protocol type, and authentication and encryption algorithms defined in the security proposal. Details are as follows:

<HUAWEI> display ipsec proposal
  Total IP security proposal number: 2

  IP security proposal name: p2
    encapsulation mode: transport
    transform: esp-new
    ESP protocol: authentication SHA2-HMAC-256, encryption 256-aes

  IP security proposal name: p4
    encapsulation mode: tunnel
    transform: ah-new
    AH protocol: authentication SHA2-HMAC-256
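
The following is an added example, not part of the Huawei guide or its tooling: a Python check that reads captured `display ipsec sa` and `display ipsec proposal` output and reports SAs or proposals that still use DES or MD5, as the negotiated SA in the sample above does. The function name and the `3DES`/`SHA1` token spellings are assumptions; the embedded text is excerpted from the outputs on this page.

```python
import re

# Algorithm tokens treated as weak. DES and MD5 appear in this page's sample
# output; the 3DES and SHA1 spellings are assumptions about how they print.
WEAK = {"DES", "3DES", "MD5", "SHA1"}

# Sample input: excerpts of the two outputs shown on this page.
SA_OUTPUT = """\
    [inbound ESP SAs]
      spi: 4280635 (0x41513b)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
    [outbound ESP SAs]
      spi: 4141662315 (0xf6dcc06b)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
"""
PROPOSAL_OUTPUT = """\
  IP security proposal name: p2
    encapsulation mode: transport
    transform: esp-new
    ESP protocol: authentication SHA2-HMAC-256, encryption 256-aes
  IP security proposal name: p4
    encapsulation mode: tunnel
    transform: ah-new
    AH protocol: authentication SHA2-HMAC-256
"""

def audit_algorithms(text):
    """Return (context, weak_token) pairs for every weak algorithm found."""
    findings, context = [], "?"
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"IP security proposal name:\s*(\S+)", line)
        if m:
            context = "proposal " + m.group(1)
        elif re.match(r"\[(in|out)bound (ESP|AH) SAs\]", line):
            context = line.strip("[]")
        elif line.startswith("spi:"):
            context = context.split(" spi")[0] + " spi " + line.split()[1]
        elif re.match(r"(proposal|ESP protocol|AH protocol):", line):
            # Split names such as ESP-AUTH-MD5 or 256-aes into tokens.
            tokens = re.split(r"[\s,\-]+", line.split(":", 1)[1].upper())
            findings += [(context, t) for t in tokens if t in WEAK]
    return findings

if __name__ == "__main__":
    for where, algo in audit_algorithms(SA_OUTPUT + PROPOSAL_OUTPUT):
        print(f"WEAK {algo}: {where}")
```

Proposals p2 and p4 produce no findings; both ESP SAs on Tunnel1 are reported for DES and MD5.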

Run the display ipsec statistics command to view statistics about incoming and outgoing protocol packets processed by IPsec and detailed information about dropped protocol packets. Details are as follows:

<HUAWEI> display ipsec statistics
  IPv6 security packet statistics:
    Current system time: 2017-02-22 20:25:23
    input/output security packets: 0/0
    input/output security bytes: 0/0
    input/output dropped security packets: 0/0
    dropped security packet detail:
      memory process problem: 0
      can't find SA: 0
      queue is full: 0
      authentication is failed: 0
      wrong length: 0
      replay packet: 0
      too long packet: 0
      invalid SA: 0
      policy deny: 0
  the normal packet statistics:
    input/output dropped normal packets: 0/0
  IPv4 security packet statistics:
    Current system time: 2017-02-22 20:25:23
    input/output security packets: 0/0
    input/output security bytes: 0/0
    input/output dropped security packets: 0/0
    dropped security packet detail:
      memory process problem: 0
      can't find SA: 0
      queue is full: 0
      authentication is failed: 0
      wrong length: 0
      replay packet: 0
      too long packet: 0
      invalid SA: 0
      policy deny: 0
  the normal packet statistics:
    input/output dropped normal packets: 0/0
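
The following is an added example, not part of the Huawei guide: a Python parser for captured `display ipsec statistics` output that returns the non-zero drop-detail counters per address family and separates the ones that suggest key or SPI mismatch, tampering, or replay from capacity drops. The function names and the choice of which counters count as security-relevant are this example's assumptions, and the non-zero values in the sample are constructed.

```python
import re

# Counters this example treats as security-relevant (key/SPI mismatch,
# tampering, replay, policy) rather than load-related. Names are from the page.
SECURITY_RELEVANT = {"authentication is failed", "replay packet",
                     "can't find SA", "invalid SA", "policy deny"}

# Constructed sample in the layout shown above; non-zero values are invented.
STATS = """\
  IPv6 security packet statistics:
    input/output dropped security packets: 0/0
    dropped security packet detail:
      authentication is failed: 0
      replay packet: 0
  the normal packet statistics:
    input/output dropped normal packets: 0/0
  IPv4 security packet statistics:
    input/output dropped security packets: 19/0
    dropped security packet detail:
      queue is full: 2
      authentication is failed: 14
      replay packet: 3
  the normal packet statistics:
    input/output dropped normal packets: 0/0
"""

def nonzero_drops(text):
    """Return {(family, reason): count} for each non-zero drop-detail counter."""
    drops, family, in_detail = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(IPv[46]) security packet statistics:", line)
        if m:
            family, in_detail = m.group(1), False
        elif line == "dropped security packet detail:":
            in_detail = True
        elif line.startswith("the normal packet statistics"):
            in_detail = False
        elif in_detail and family:
            reason, _, value = line.rpartition(":")
            if value.strip().isdigit() and int(value) > 0:
                drops[(family, reason.strip())] = int(value)
    return drops

def security_alerts(drops):
    """Keep only the counters that warrant investigation, not capacity tuning."""
    return {k: v for k, v in drops.items() if k[1] in SECURITY_RELEVANT}

if __name__ == "__main__":
    print(security_alerts(nonzero_drops(STATS)))
```

Because the counters are cumulative, compare two captures taken some time apart to see whether a counter is still rising.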
Updated: 2019-01-02

Document ID: EDOC1100055397