
display ipsec profile (all views)

Function

The display ipsec profile command displays IPSec profile information.

Format

display ipsec profile [ brief | name profile-name ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| brief | Displays brief information about all IPSec profiles. | - |
| name profile-name | Displays information about the specified IPSec profile. | The value must be an existing IPSec profile name. |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

If no parameter is specified, you can view information about all IPSec profiles.

If the brief parameter is specified, you can view brief information about all IPSec profiles.

If the name parameter is specified, you can view detailed information about the specified IPSec profile.

Example

# Display brief information about all IPSec profiles.

<sysname> display ipsec profile brief
 Total number of IPSec profile: 1 
 Profile name      Peer name 
 ---------------------------------  
 a                 spub 
Table 1 Description of the display ipsec profile brief command output
Item
Description

Total number of IPSec profile

Number of IPSec profiles on a device.

Profile name

Name of an IPSec profile. To configure an IPSec profile, run the ipsec profile (system view) command.

Peer name

Name of the IKE peer referenced by the IPSec profile. To reference an IKE peer, run the ike-peer command.

# Display information about IPSec profile a.

<sysname> display ipsec profile name a
===========================================                                     
IPSec profile  : a                                                              
Using interface: Tunnel1   
===========================================                                     
 IPSec Profile Name        : a                                                   
 Peer Name                 : -
 PFS   Group               : DH group 14 
 SecondsFlag               : 0 (0:Global 1:Local)                                
 SA Life Time Seconds      : 3600                                                
 KilobytesFlag             : 0 (0:Global 1:Local)                                
 SA Life Kilobytes         : 1843200                                             
 Anti-replay               : -                                                   
 Anti-replay Window Size   : 1024                                                
 Fragment Before-encryption: Disable                                             
 Number of IPSec Proposals : 0                                                   
 IPSec Proposals Name      : -
Table 2 Description of the display ipsec profile name command output
Item
Description

IPSec profile

Name of an IPSec profile. To configure an IPSec profile, run the ipsec profile (system view) command.

Using interface

Interface to which an IPSec profile is applied.

IPSec Profile Name

Name of an IPSec profile. To configure an IPSec profile, run the ipsec profile (system view) command.

Peer Name

Name of the IKE peer referenced by the IPSec profile. To reference an IKE peer, run the ike-peer command.

PFS Group

Perfect Forward Secrecy (PFS) used in IKE negotiation:
  • DH group 1: 768-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 2: 1024-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 5: 1536-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 14: 2048-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 15: 3072-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 16: 4096-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 18: 8192-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 19: 256-bit ECP Diffie-Hellman group is used during IKE negotiation.
  • DH group 20: 384-bit ECP Diffie-Hellman group is used during IKE negotiation.
  • DH group 21: 521-bit ECP Diffie-Hellman group is used during IKE negotiation.
  • DH group 24: 2048-bit Diffie-Hellman group that includes a 256-bit sub-group is used during IKE negotiation.

To specify the PFS, run the pfs command.

SecondsFlag

Flag bit indicating aging of the SA.

  • 0: The SA ages based on the time. The flag bit takes effect globally. To configure a global time-based SA lifetime, run the ipsec sa global-duration time-based command.
  • 1: The SA ages based on the time. The flag bit takes effect in specified views only. To configure a time-based SA lifetime, run the sa duration time-based command.

SA Life Time Seconds

Time-based IPSec SA lifetime.

KilobytesFlag

Flag bit indicating aging of the SA.

  • 0: The SA ages based on the traffic. The flag bit takes effect globally. To configure a global traffic-based SA lifetime, run the ipsec sa global-duration traffic-based command.
  • 1: The SA ages based on the traffic. The flag bit takes effect in specified views only. To configure a traffic-based SA lifetime, run the sa duration traffic-based command.

SA Life Kilobytes

Traffic-based IPSec SA lifetime.

Anti-replay

Whether IPSec anti-replay is enabled in an IPSec profile:
  • Enable: IPSec anti-replay is enabled.
  • -: IPSec tunnel-based anti-replay is disabled. The global IPSec anti-replay function is used.

To enable IPSec anti-replay, run the anti-replay enable command.

Anti-replay Window Size

IPSec anti-replay window size. This field is valid only when the IPSec anti-replay function is enabled. To set the IPSec anti-replay window size, run the anti-replay window command.

Fragment Before-encryption

Packet fragmentation mode.

  • Enable: IPSec packets are fragmented before encryption.
  • Disable: IPSec packets are fragmented after encryption.

To configure a packet fragmentation mode, run the fragmentation before-encryption command.

Number of IPSec Proposals

Number of IPSec proposals referenced by an IPSec profile.

IPSec Proposals Name

Name of the referenced IPSec proposal. To configure an IPSec proposal, run the proposal command.
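The following added example (not part of the vendor documentation) parses the display ipsec profile name output shown above and reports settings worth reviewing, using the field meanings from Table 2. The 2048-bit MODP threshold, the function names, and the treatment of any non-"DH group N" value as "PFS not configured" are assumptions of this example.

```python
# Constructed sample: the `display ipsec profile name a` output shown on this page.
SAMPLE = """\
===========================================
IPSec profile  : a
Using interface: Tunnel1
===========================================
 IPSec Profile Name        : a
 Peer Name                 : -
 PFS   Group               : DH group 14
 SecondsFlag               : 0 (0:Global 1:Local)
 SA Life Time Seconds      : 3600
 KilobytesFlag             : 0 (0:Global 1:Local)
 SA Life Kilobytes         : 1843200
 Anti-replay               : -
 Anti-replay Window Size   : 1024
 Fragment Before-encryption: Disable
 Number of IPSec Proposals : 0
 IPSec Proposals Name      : -
"""

# MODP modulus sizes from Table 2; ECP groups (19-21) are not size-checked here.
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096, 18: 8192, 24: 2048}
MIN_MODP_BITS = 2048  # assumption: audit threshold chosen for this example

def parse_profile(text):
    """Return {field: value}; runs of spaces in names ('PFS   Group') are collapsed."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields[" ".join(name.split())] = value.strip()
    return fields

def audit_profile(fields):
    """Return a list of review findings for one parsed profile."""
    findings = []
    group = fields.get("PFS Group", "").removeprefix("DH group ")
    if not group.isdigit():  # assumption: any other value means PFS is not configured
        findings.append("PFS not configured")
    elif MODP_BITS.get(int(group), MIN_MODP_BITS) < MIN_MODP_BITS:
        findings.append(f"weak PFS: DH group {group} ({MODP_BITS[int(group)]}-bit MODP)")
    if fields.get("Peer Name", "-") == "-":
        findings.append("no IKE peer referenced")
    if fields.get("Number of IPSec Proposals", "0") == "0":
        findings.append("no IPSec proposal referenced")
    if fields.get("Anti-replay", "-") != "Enable":
        findings.append("anti-replay not enabled in profile; global setting applies")
    return findings
```

For the sample profile, audit_profile(parse_profile(SAMPLE)) reports the missing IKE peer, the missing proposal, and the reliance on the global anti-replay setting.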

Copyright © Huawei Technologies Co., Ltd.