セキュリティー・アソシエーションがネゴシエーションされた後で、ipsec -f display コマンドは、セキュリティー・アソシエーションの作成時に作成された 2 つの動的フィルター (インバウンドとアウトバウンドのアンカー・フィルターに対応) が追加されたことを示します。動的フィルターは、フィルター・テーブル内でアンカー・フィルターより前に置かれるので、IP フィルター操作の実施時は、まず動的フィルターが検索されます。以下のサンプル出力では、フェーズ 2 セキュリティー・アソシエーションの活動化の後で、フィルター・テーブルに 2 つの動的フィルターが既に追加済みである点に注意してください。Type フィールドは、フィルターが動的アンカー・フィルターか動的フィルターかを示しています。
ipsec -f dis -n Rule2Admin
CS V2R1 ipsec Stack Name: TCPCS Tue Feb 14 11:23:54 2012
Primary: Filter Function: Display Format: Detail
Source: Stack Policy Scope: Current TotAvail: 139
Logging: On Predecap: Off DVIPSec: Yes
NatKeepAlive: 20 FIPS140: No
Defensive Mode: Inactive
FilterName: Rule2Admin
FilterNameExtension: 1
GroupName: Admin
LocalStartActionName: n/a
VpnActionName: Silver-TransportMode
TunnelID: Y4
Type: Dynamic
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Outbound
OnDemand: No
SecurityClass: 0
Logging: Deny
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: n/a
SourceAddress: 9.1.1.1
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: n/a
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.2
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: n/a
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: n/a
UpdateTime: n/a
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 1
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: Rule2Admin
FilterNameExtension: 1
GroupName: Admin
LocalStartActionName: n/a
VpnActionName: Silver-TransportMode
TunnelID: Y0
Type: Dynamic Anchor
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Outbound
OnDemand: No
SecurityClass: 0
Logging: Deny
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: Rule
SourceAddress: 9.1.1.1
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: Packet
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.2
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: Packet
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:49:48
UpdateTime: 2012/02/14 11:07:20
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 1
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: Rule2Admin
FilterNameExtension: 2
GroupName: Admin
LocalStartActionName: n/a
VpnActionName: Silver-TransportMode
TunnelID: Y4
Type: Dynamic
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Inbound
OnDemand: No
SecurityClass: 0
Logging: Deny
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: n/a
SourceAddress: 9.1.1.2
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: n/a
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.1
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: n/a
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: n/a
UpdateTime: n/a
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 1
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: Rule2Admin
FilterNameExtension: 2
GroupName: Admin
LocalStartActionName: n/a
VpnActionName: Silver-TransportMode
TunnelID: Y0
Type: Dynamic Anchor
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Inbound
OnDemand: No
SecurityClass: 0
Logging: Deny
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: Rule
SourceAddress: 9.1.1.2
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: Packet
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.1
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: Packet
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:49:48
UpdateTime: 2012/02/14 11:07:20
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 1
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
4 entries selected