Shadow Security Associations

When an IP security stack is the target of a DVIPA, it receives a copy (shadow) of any active Security Associations for the DVIPA. To display the shadow Security Associations, use the following command:

ipsec -y display -s 

CS V1R12 ipsec  Stack Name: TCPCS  Tue Feb 16 10:39:25 2010
Primary:  Dynamic tunnel  Function: display (shadows)  Format:   Detail
Source:   Stack           Scope:    Current            TotAvail: 1

TunnelID:                     Y2
Generation:                   1
IKEVersion:                   1.0
ParentIKETunnelID:            K1
VpnActionName:                TransportMode
LocalDynVpnRule:              n/a
State:                        Active
HowToEncap:                   Transport
LocalEndPoint:                9.1.1.1
RemoteEndPoint:               9.1.1.2
LocalAddressBase:             9.1.1.1
LocalAddressPrefix:           n/a
LocalAddressRange:            n/a
RemoteAddressBase:            9.1.1.2
RemoteAddressPrefix:          n/a
RemoteAddressRange:           n/a
HowToAuth:                    ESP
 AuthAlgorithm:               HMAC-MD5
 AuthInboundSpi:              1878088104 (0x6FF159A8)
 AuthOutboundSpi:             270783814  (0x1023D546)
HowToEncrypt:                 DES-CBC
 KeyLength:                   n/a
 EncryptInboundSpi:           1878088104 (0x6FF159A8)
 EncryptOutboundSpi:          270783814  (0x1023D546)
Protocol:                     ALL(0)
LocalPort:                    n/a
LocalPortRange:               n/a
RemotePort:                   n/a
RemotePortRange:              n/a
Type:                         n/a
TypeRange:                    n/a
Code:                         n/a
CodeRange:                    n/a
OutboundPackets:              1
OutboundBytes:                264
InboundPackets:               1
InboundBytes:                 264
Lifesize:                     0K
LifesizeRefresh:              0K
CurrentByteCount:             0b
LifetimeRefresh:              2010/02/16 14:26:22
LifetimeExpires:              2010/02/16 14:37:43
CurrentTime:                  2010/02/16 10:39:25
VPNLifeExpires:               2010/02/17 10:37:43
NAT Traversal Topology:
  UdpEncapMode:               No
  LclNATDetected:             No
  RmtNATDetected:             No
  RmtNAPTDetected:            No
  RmtIsGw:                    n/a
  RmtIsZOS:                   n/a
  zOSCanInitP2SA:             n/a
  RmtUdpEncapPort:            n/a
  SrcNATOARcvd:               n/a
  DstNATOARcvd:               n/a
PassthroughDF:                n/a
PassthroughDSCP:              n/a
***********************************************************************

1 entries selected