display ike offline-info

Function

The display ike offline-info command displays information about deleted IPSec tunnels established through IKE negotiation.

The virtual system does not support this command.

Format

display ike offline-info [ peer remote-address ] [ slot slot-id cpu cpu-id ]

Parameters

Parameter	Description	Value
peer remote-address	Displays information about deleted IPSec tunnels with a specified remote IP address and established through IKE negotiation.	IPv4 address: The value is in dotted decimal notation; IPv6 address: The value is in colon hexadecimal notation.
slot slot-id cpu cpu-id	Displays information about deleted IPSec tunnels with specified slot and CPU IDs and established through IKE negotiation.	The values of slot-id and cpu-id are integers and must be set according to the device configuration.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The command output contains the possible causes and time of the latest 200 IPSec tunnel deletions.

Example

Display information about deleted IPSec tunnels established through IKE negotiation.

<sysname> display ike offline-info

  Current info Num :3 
  Ike offline information:
----------------------------------------------------------------------------------------------------
  peer               port    offline-reason       version     offline-time
-----------------------------------------------------------------------------------------------------
  10.10.10.10        500      dpd-timeout         v2          2015/08/01  16:05:55
  3.3.3.3            500      dpd-timeout         v2          2015/08/01  16:05:55
  10.2.2.2           500      hardware-timeout    v2          2015/08/01  15:05:55
-----------------------------------------------------------------------------------------------------

**Table 1** Description of the **display ike offline-info** command output
Item	Description
Current info Num	Current number of information records.
peer	Peer IP address of a deleted IPSec tunnel.
port	Peer UDP port number.
offline-reason	Causes for deletion of IPSec tunnels established through IKE negotiation: dpd timeout: Dead peer detection (DPD) times out. peer request: The remote end has sent a message, asking the local end to tear down the tunnel. config modify or manual offline: An SA is deleted due to configuration modification or an SA is manually deleted. phase1 hard expiry: Hard lifetime expires in phase 1 (no new SA negotiation success message is received). phase2 hard expiry: Hard lifetime expires in phase 2. heartbeat timeout: heartbeat detection times out. re-auth timeout: An SA is deleted due to reauthentication timeout. aaa cut user: The AAA module disconnects users. ip address syn failed: IP address synchronization fails. hard expiry triggered by port mismatch: A hard timeout occurs due to mismatch NAT port number. kick old sa with same flow: The old SA is deleted for the same incoming flow. cpu table updated: The SA of the non-local CPU is deleted when the SPU card is removed from the device. flow overlap: The IP address of the encapsulated flow conflicts with the remote IP address. spi conflict: An SPI conflict occurs. phase1 sa replace: The new IKE SA replaces the old IKE SA. phase2 sa replace: The new IPSec SA replaces the old IPsec SA. nhrp notify: NHRP notifies the device that the SA needs to be deleted. receive backup delete info: The standby device receives an SA backup deletion message from the active device. eap delete old sa: When the peer device performs EAP authentication repeatedly, the local device deletes the old SA. receive invalid spi notify: The device receives an invalid SPI notification. dns resolution status change: DNS resolution status changes. ikev1 phase1-phase2 sa dependent offline: The device deletes the associated IPSec SA when deleting an IKEv1 SA. exchange timeout: Packet interaction timeout. hash gene adjusted: The IPSec tunnel is deleted caused by hash factor adjustment.
version	IKE version.
offline-time	IPSec tunnel deletion time.