Use the ipsec -k display command to display IKE tunnel information.
ipsec -k display
CS V1R12 ipsec Stack Name: TCPCS Tue Feb 16 11:48:25 2010
Primary: IKE tunnel Function: Display Format: Detail
Source: IKED Scope: Current TotAvail: n/a
TunnelID: K3
Generation: 1
IKEVersion: 1.0
KeyExchangeRuleName: ZoneC_KeyExRule1
KeyExchangeActionName: Gold-PSK
LocalEndPoint: 9.3.3.3
LocalIDType: IPV4
LocalID: 9.3.3.3
RemoteEndPoint: 10.3.1.1
RemoteIDType: USERFQDN
RemoteID: gateway.poughkeepsie.ibm.com
ExchangeMode: Main
State: DONE
AuthenticationAlgorithm: HMAC-MD5
EncryptionAlgorithm: 3DES-CBC
KeyLength: n/a
PseudoRandomFunction: HMAC-MD5
DiffieHellmanGroup: 2
LocalAuthenticationMethod: PresharedKey
RemoteAuthenticationMethod: PresharedKey
InitiatorCookie: 0xE70D94ADB3D75947
ResponderCookie: 0xCED4B800A0BE81BC
Lifesize: 0K
CurrentByteCount: 296b
Lifetime: 480m
LifetimeRefresh: 2010/02/16 19:15:22
LifetimeExpires: 2010/02/16 19:23:19
ReauthInterval: 480m
ReauthTime: 2010/02/16 19:15:22
Role: Responder
AssociatedDynamicTunnels: 2
NATTSupportLevel: RFC
NATInFrntLclScEndPnt: No
NATInFrntRmtScEndPnt: Yes
zOSCanInitiateP1SA: Yes
AllowNat: Yes
RmtNAPTDetected: No
RmtUdpEncapPort: 4500
***********************************************************************
1 entries selectedThe setting of the AllowNat field indicates whether or not NAT traversal support was advertised to the IKE peer. If AllowNat is Yes, the negotiation might or might not have detected a NAT. If the NATInFrntLclScEndPnt field is Yes, a NAT device was detected in front of the local security endpoint. If the NATInFrntRmtScEndPt field is Yes, a NAT device was detected in front of the remote security endpoint.