When an IP security stack is the target of a DVIPA, it receives a copy (shadow) of any active Security Associations for the DVIPA. To display the shadow Security Associations, use the following command:
ipsec -y display -s
CS V1R12 ipsec Stack Name: TCPCS Tue Feb 16 10:39:25 2010
Primary: Dynamic tunnel Function: display (shadows) Format: Detail
Source: Stack Scope: Current TotAvail: 1
TunnelID: Y2
Generation: 1
IKEVersion: 1.0
ParentIKETunnelID: K1
VpnActionName: TransportMode
LocalDynVpnRule: n/a
State: Active
HowToEncap: Transport
LocalEndPoint: 9.1.1.1
RemoteEndPoint: 9.1.1.2
LocalAddressBase: 9.1.1.1
LocalAddressPrefix: n/a
LocalAddressRange: n/a
RemoteAddressBase: 9.1.1.2
RemoteAddressPrefix: n/a
RemoteAddressRange: n/a
HowToAuth: ESP
AuthAlgorithm: HMAC-MD5
AuthInboundSpi: 1878088104 (0x6FF159A8)
AuthOutboundSpi: 270783814 (0x1023D546)
HowToEncrypt: DES-CBC
KeyLength: n/a
EncryptInboundSpi: 1878088104 (0x6FF159A8)
EncryptOutboundSpi: 270783814 (0x1023D546)
Protocol: ALL(0)
LocalPort: n/a
LocalPortRange: n/a
RemotePort: n/a
RemotePortRange: n/a
Type: n/a
TypeRange: n/a
Code: n/a
CodeRange: n/a
OutboundPackets: 1
OutboundBytes: 264
InboundPackets: 1
InboundBytes: 264
Lifesize: 0K
LifesizeRefresh: 0K
CurrentByteCount: 0b
LifetimeRefresh: 2010/02/16 14:26:22
LifetimeExpires: 2010/02/16 14:37:43
CurrentTime: 2010/02/16 10:39:25
VPNLifeExpires: 2010/02/17 10:37:43
NAT Traversal Topology:
UdpEncapMode: No
LclNATDetected: No
RmtNATDetected: No
RmtNAPTDetected: No
RmtIsGw: n/a
RmtIsZOS: n/a
zOSCanInitP2SA: n/a
RmtUdpEncapPort: n/a
SrcNATOARcvd: n/a
DstNATOARcvd: n/a
PassthroughDF: n/a
PassthroughDSCP: n/a
***********************************************************************
1 entries selected