
display ipsec profile (user view)

Function

The display ipsec profile command displays information about IPSec profiles.

Format

display ipsec profile [ brief | name profile-name ] ctrl-plane

display ipsec profile [ brief | name profile-name ] slot slot-id cpu cpu-id

Parameters

| Parameter | Description | Value |
|---|---|---|
| brief | Displays brief information about all IPSec profiles. | - |
| name profile-name | Displays information about a specified IPSec profile. | The value is an existing IPSec profile name. |
| ctrl-plane | Displays information about the IPSec profiles on the ctrl-plane. All models except USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. | - |
| slot slot-id | Specifies the slot ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. | - |
| cpu cpu-id | Specifies the CPU ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. | - |

Views

User view

Default Level

1: Monitoring level

Usage Guidelines

If no parameter is specified, information about all IPSec profiles is displayed.

If the brief parameter is specified, brief information about all IPSec profiles is displayed.

If the name parameter is specified, detailed information about the specified IPSec profile is displayed.

Example

# Display brief information about all IPSec profiles.

<sysname> display ipsec profile brief ctrl-plane
 Total number of IPSec profile: 1 
 Profile name      Peer name 
 ---------------------------------  
 a                 spub 
Table 1 Description of the display ipsec profile brief command output
Item
Description

Total number of IPSec profile

Number of IPSec profiles on a device.

Profile name

Name of an IPSec profile. To configure an IPSec profile, run the ipsec profile (system view) command.

Peer name

Name of the IKE peer referenced by the IPSec profile. To reference an IKE peer, run the ike-peer command.

# Display information about the IPSec profile a.

<sysname> display ipsec profile name a ctrl-plane
===========================================                                     
IPSec profile  : a                                                              
Using interface: Tunnel1   
===========================================                                     
 IPSec Profile Name        : a                                                   
 Peer Name                 : -
 PFS   Group               : DH group 14 
 SecondsFlag               : 0 (0:Global 1:Local)                                
 SA Life Time Seconds      : 3600                                                
 KilobytesFlag             : 0 (0:Global 1:Local)                                
 SA Life Kilobytes         : 1843200                                             
 Anti-replay               : -                                                   
 Anti-replay Window Size   : 1024                                                
 Fragment Before-encryption: Disable                                             
 Number of IPSec Proposals : 0                                                   
 IPSec Proposals Name      : -
Table 2 Description of the display ipsec profile name command output
Item
Description

IPSec profile

Name of an IPSec profile. To configure an IPSec profile, run the ipsec profile (system view) command.

Using interface

Interface to which an IPSec profile is applied.

IPSec Profile Name

Name of an IPSec profile. To configure an IPSec profile, run the ipsec profile (system view) command.

Peer Name

Name of the IKE peer referenced by the IPSec profile. To reference an IKE peer, run the ike-peer command.

PFS Group

Perfect Forward Secrecy (PFS) used in IKE negotiation:
  • DH group 1: 768-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 2: 1024-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 5: 1536-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 14: 2048-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 15: 3072-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 16: 4096-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 18: 8192-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 19: 256-bit ECP Diffie-Hellman group is used during IKE negotiation.
  • DH group 20: 384-bit ECP Diffie-Hellman group is used during IKE negotiation.
  • DH group 21: 521-bit ECP Diffie-Hellman group is used during IKE negotiation.
  • DH group 24: 2048-bit Diffie-Hellman group that includes a 256-bit sub-group is used during IKE negotiation.

To specify the PFS, run the pfs command.

SecondsFlag

Flag bit indicating aging of the SA.

  • 0: The SA ages based on the time. The flag bit takes effect globally. To configure a global time-based SA lifetime, run the ipsec sa global-duration time-based command.
  • 1: The SA ages based on the time. The flag bit takes effect in specified views only. To configure a time-based SA lifetime, run the sa duration time-based command.

SA Life Time Seconds

Time-based IPSec SA lifetime.

KilobytesFlag

Flag bit indicating aging of the SA.

  • 0: The SA ages based on the traffic. The flag bit takes effect globally. To configure a global traffic-based SA lifetime, run the ipsec sa global-duration traffic-based command.
  • 1: The SA ages based on the traffic. The flag bit takes effect in specified views only. To configure a traffic-based SA lifetime, run the sa duration traffic-based command.

SA Life Kilobytes

Traffic-based IPSec SA lifetime.

Anti-replay

Whether IPSec anti-replay is enabled in an IPSec profile:
  • Enable: IPSec anti-replay is enabled.
  • -: IPSec tunnel-based anti-replay is disabled. The global IPSec anti-replay function is used.

To enable IPSec anti-replay, run the anti-replay enable command.

Anti-replay Window Size

IPSec anti-replay window size. This field is valid only when the IPSec anti-replay function is enabled. To set the IPSec anti-replay window size, run the anti-replay window command.

Fragment Before-encryption

Packet fragmentation mode.

  • Enable: IPSec packets are fragmented before encryption.
  • Disable: IPSec packets are fragmented after encryption.

To configure a packet fragmentation mode, run the fragmentation before-encryption command.

Number of IPSec Proposals

Number of IPSec proposals referenced by an IPSec profile.

IPSec Proposals Name

Name of the referenced IPSec proposal. To configure an IPSec proposal, run the proposal command.
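The fields described in Table 2 can be checked automatically when reviewing tunnel configuration. The following Python sketch is an added example, not part of the product documentation: it parses output in the format shown above and reports the settings a reviewer would look at. The sample text is constructed and trimmed, and the 2048-bit minimum for non-ECP groups is an assumed local policy, not a value from this page.

```python
import re

# Constructed, trimmed sample in the format of "display ipsec profile name".
SAMPLE = """\
 IPSec Profile Name        : b
 Peer Name                 : spub
 PFS   Group               : DH group 2
 SecondsFlag               : 1 (0:Global 1:Local)
 SA Life Time Seconds      : 86400
 KilobytesFlag             : 0 (0:Global 1:Local)
 Anti-replay               : -
 Number of IPSec Proposals : 0
"""

# Group number -> (kind, bits), copied from the PFS Group row of Table 2.
DH_GROUPS = {1: ("MODP", 768), 2: ("MODP", 1024), 5: ("MODP", 1536),
             14: ("MODP", 2048), 15: ("MODP", 3072), 16: ("MODP", 4096),
             18: ("MODP", 8192), 19: ("ECP", 256), 20: ("ECP", 384),
             21: ("ECP", 521), 24: ("MODP", 2048)}
MIN_MODP_BITS = 2048  # assumed local policy threshold, not stated on the page

def parse_profile(text):
    """Turn 'Key : value' lines into a dict with whitespace-normalised keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep and key.strip():
            fields[" ".join(key.split())] = value.strip()
    return fields

def audit(fields):
    """Return review notes for one parsed profile (empty list = nothing to note)."""
    findings = []
    m = re.search(r"DH group (\d+)", fields.get("PFS Group", ""))
    if not m:
        findings.append("pfs: no DH group shown")
    else:
        kind, bits = DH_GROUPS.get(int(m.group(1)), ("unknown", 0))
        if kind != "ECP" and bits < MIN_MODP_BITS:
            findings.append(f"pfs: DH group {m.group(1)} is {bits}-bit {kind}")
    if fields.get("Anti-replay") != "Enable":
        findings.append("anti-replay: not set in profile, global setting applies")
    for flag, what in (("SecondsFlag", "time"), ("KilobytesFlag", "traffic")):
        if fields.get(flag, "").startswith("0"):
            findings.append(f"sa-lifetime: {what}-based value inherited from global")
    if fields.get("Number of IPSec Proposals") == "0":
        findings.append("proposal: profile references no IPSec proposal")
    return findings
```

Calling `audit(parse_profile(SAMPLE))` returns one note per field that needs a second look; notes about inherited values mean the effective setting has to be read from the global configuration.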

Copyright © Huawei Technologies Co., Ltd.