Use the ipsec -y display command to display IPSec tunnel information.
ipsec -y display -a Y39
TunnelID: Y39
Generation: 1
IKEVersion: 1.0
ParentIKETunnelID: K11
VpnActionName: TransportMode
LocalDynVpnRule: n/a
State: Active
HowToEncap: Transport
LocalEndPoint: 9.2.2.2
RemoteEndPoint: 9.4.4.4
LocalAddressBase: 9.2.2.2
LocalAddressPrefix: n/a
LocalAddressRange: n/a
RemoteAddressBase: 9.4.4.4
RemoteAddressPrefix: n/a
RemoteAddressRange: n/a
HowToAuth: ESP
AuthAlgorithm: HMAC-MD5
AuthInboundSpi: 2418545801 (0x90281489)
AuthOutboundSpi: 4027602341 (0xF01055A5)
HowToEncrypt: DES-CBC
KeyLength: n/a
EncryptInboundSpi: 2418545801 (0x90281489)
EncryptOutboundSpi: 4027602341 (0xF01055A5)
Protocol: ALL(0)
LocalPort: n/a
LocalPortRange: n/a
RemotePort: n/a
RemotePortRange: n/a
Type: n/a
TypeRange: n/a
Code: n/a
CodeRange: n/a
OutboundPackets: 1
OutboundBytes: 264
InboundPackets: 1
InboundBytes: 264
Lifesize: 0K
LifesizeRefresh: 0K
CurrentByteCount: 0b
LifetimeRefresh: 2010/02/16 15:14:52
LifetimeExpires: 2010/02/16 15:23:19
CurrentTime: 2010/02/16 11:53:31
VPNLifeExpires: 2010/02/17 11:23:19
NAT Traversal Topology:
UdpEncapMode: Yes
LclNATDetected: No
RmtNATDetected: Yes
RmtNAPTDetected: No
RmtIsGw: No
RmtIsZOS: Yes
zOSCanInitP2SA: Yes
RmtUdpEncapPort: 4500
SrcNATOARcvd: 10.2.2.2
DstNATOARcvd: 9.2.2.2
PassthroughDF: n/a
PassthroughDSCP: n/a
***********************************************************************
1 entries selected
The NAT Traversal Topology fields show additional information when a NAT was detected in the path between the IKE peers. The setting of the UdpEncapMode field indicates whether a UDP-encapsulated mode Security Association has or has not been negotiated. If NAT Traversal is supported by both IKE peers and one or more NATs are detected, UdpEncapMode is set to Yes. The RmtNATDetected field is Yes if a NAT is detected in front of the remote peer. The RmtIsGW field is Yes if the remote peer is acting as a security gateway.
AssociatedFiltProtocol: TCP(6)
AssociatedFiltSrcPort: 23
AssociatedFiltDestPort: 0