
display ipsec history record

Function

The display ipsec history record command displays history information about IPSec tunnels.

Format

display ipsec history record [ remote-address remote-address ] [ slot slot-id cpu cpu-id ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| remote-address remote-address | Displays history information about the IPSec tunnel with the specified remote IP address. | IPv4 address: The value is in dotted decimal notation; IPv6 address: The value is in colon hexadecimal notation. |
| slot slot-id cpu cpu-id | Displays IPSec tunnel history information on a specified CPU in a specified slot. | The values of slot-id and cpu-id are integers and must be set according to the device configuration. |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display ipsec history record command to view the reason and time of the last teardown of the IPSec tunnel.

Example

# Display history information about IPSec tunnels.

<sysname> display ipsec history record
IPSec history record:
Current record number: 1
===============================
Interface              : GigabitEthernet 0/0/1
remote-address         : 2.1.1.1
remote-port            : 500
VPN instance/VSYS name : huawei
flow-source            : 10.1.1.1/255.255.255.255
flow-destination       : 10.2.2.2/255.255.255.255  
last-offline-reason    : peer request
last-offline-time      : 2017-07-17 20:25:31
offline-times-in-24Hour: 1
Table 1 Description of the display ipsec history record command output

| Item | Description |
|---|---|
| IPSec history record | History information about IPSec tunnels. |
| Current record number | Current record number of the teardown of the IPSec tunnel. |
| Interface | Interface to which an IPSec policy is applied. |
| remote-address | Remote IP address of an IPSec tunnel. |
| remote-port | Remote UDP port number. |
| VPN instance/VSYS name | Name of a VPN instance or virtual system. |
| flow-source | Source address segment of data flows. |
| flow-destination | Destination address segment of data flows. |
| last-offline-reason | Reason for the last teardown of an IPSec tunnel. The possible values are listed after this table. |
| last-offline-time | Last time an IPSec tunnel was torn down. |
| offline-times-in-24Hour | Number of times an IPSec tunnel was torn down within 24 hours. |

Values of last-offline-reason:

  • dpd timeout: Dead peer detection (DPD) times out.
  • peer request: The remote end has sent a message, asking the local end to tear down the tunnel.
  • config modify or manual offline: An SA is deleted due to configuration modification or an SA is manually deleted.
  • phase1 hard expiry: Hard lifetime expires in phase 1 (no new SA negotiation success message is received).
  • phase2 hard expiry: Hard lifetime expires in phase 2.
  • heartbeat timeout: Heartbeat detection times out.
  • re-auth timeout: An SA is deleted due to reauthentication timeout.
  • aaa cut user: The AAA module disconnects users.
  • ip address syn failed: IP address synchronization fails.
  • hard expiry triggered by port mismatch: A hard timeout occurs due to a NAT port number mismatch.
  • kick old sa with same flow: The old SA is deleted for the same incoming flow.
  • cpu table updated: The SA of the non-local CPU is deleted when the SPU card is removed from the device.
  • flow overlap: The IP address of the encapsulated flow conflicts with the remote IP address.
  • spi conflict: An SPI conflict occurs.
  • phase1 sa replace: The new IKE SA replaces the old IKE SA.
  • phase2 sa replace: The new IPSec SA replaces the old IPSec SA.
  • nhrp notify: NHRP notifies the device that the SA needs to be deleted.
  • receive backup delete info: The standby device receives an SA backup deletion message from the active device.
  • eap delete old sa: When the peer device performs EAP authentication repeatedly, the local device deletes the old SA.
  • receive invalid spi notify: The device receives an invalid SPI notification.
  • dns resolution status change: DNS resolution status changes.
  • ikev1 phase1-phase2 sa dependent offline: The device deletes the associated IPSec SA when deleting an IKEv1 SA.
  • exchange timeout: Packet interaction times out.
  • hash gene adjusted: The IPSec tunnel is deleted because of hash factor adjustment.
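A parser for the command output described above, as an added example that is not part of the original page or of Huawei's tooling: it turns each record into a dict and flags tunnels whose last teardown reason is on a watch list or that were torn down more than `max_teardowns` times in 24 hours. The repeated `=` separator between records, the second sample record, the watch list and the threshold are assumptions of this example.

```python
from datetime import datetime

# Constructed sample in the layout of the page's example output. Assumption:
# each record is introduced by its own line of "=" characters.
SAMPLE = """\
IPSec history record:
Current record number: 2
===============================
Interface              : GigabitEthernet 0/0/1
remote-address         : 2.1.1.1
remote-port            : 500
VPN instance/VSYS name : huawei
flow-source            : 10.1.1.1/255.255.255.255
flow-destination       : 10.2.2.2/255.255.255.255
last-offline-reason    : peer request
last-offline-time      : 2017-07-17 20:25:31
offline-times-in-24Hour: 1
===============================
Interface              : GigabitEthernet 0/0/1
remote-address         : 2001:db8::1
remote-port            : 500
VPN instance/VSYS name : huawei
flow-source            : 10.1.1.1/255.255.255.255
flow-destination       : 10.3.3.3/255.255.255.255
last-offline-reason    : dpd timeout
last-offline-time      : 2017-07-17 21:02:10
offline-times-in-24Hour: 6
"""
# Example watch list (an assumption, tune per site): teardowns nobody requested.
WATCH = {"dpd timeout", "heartbeat timeout", "exchange timeout",
         "spi conflict", "receive invalid spi notify"}

def parse_history(text):
    """Return one dict per record, keyed by the item names in the output."""
    records = []
    for line in text.splitlines():
        if line.startswith("==="):
            records.append({})                 # separator opens a new record
        elif records and ":" in line:
            key, value = line.split(":", 1)    # first colon only: IPv6 and times keep theirs
            records[-1][key.strip()] = value.strip()
    for r in records:
        r["last-offline-time"] = datetime.strptime(r["last-offline-time"], "%Y-%m-%d %H:%M:%S")
        r["offline-times-in-24Hour"] = int(r["offline-times-in-24Hour"])
    return records

def needs_review(record, max_teardowns=3):
    """True if the reason is on the watch list or the tunnel flapped too often."""
    return (record["last-offline-reason"] in WATCH
            or record["offline-times-in-24Hour"] > max_teardowns)
```

Calling `[r for r in parse_history(output) if needs_review(r)]` on captured output yields the tunnels worth correlating with IKE logs for the same `last-offline-time`.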

Copyright © Huawei Technologies Co., Ltd.