This chapter includes the show crypto command output tables.show crypto ikev2-ikesa security-associations summary Command Output Descriptions
•
•
•
•
•
•
•
•
•
•
•
•
• show crypto ipsec security-associations statistics Command Output Descriptions
• Application Supported: MIP or L2TP
• Local Address: The IP address of the interface on the system facilitating the security association (SA).
• Peer Address: The IP address of the peer security gateway facilitating the SA.
• Traffic Type: Control, GRE encapsulated data, or IPIP (IP-in-IP) encapsulated dataNOTE: When a crypto map does not have any IPSec SAs established yet, i.e. No IKE negotiation has taken place OR the tunnel had been brought down after inactivity during the entire lifetime of the SAs, is marked as "Security Association is not established!" NOTE: These items are displayed for the life of the ISAKMP SA. show crypto ipsec security-associations summary Command Output Descriptions
• E: Established
• P: Partially Established
• N: No SAs
• D: Rekey Disabled
• E: Rekey Enabled/No Keepalive
• K: Rekey Enabled/Keepalive
• D: Dynamic Map
• I: IKEv1 Map
• J: IKEv2 Map
• M: Manual Map show crypto isakmp keys Command Output Descriptions
show crypto isakmp security-associations Command Output Descriptions
show crypto managers Command Output Descriptions
show crypto managers instance Command Output Descriptions
•
•
• Serial number: <string>
• Next Timer <datetime>
• Expiry: <datetime>
• Serial number: <string>
• Expiry:<datetime> show crypto managers summary Command Output Descriptions
show crypto map summary Command Output Descriptions
show crypto statistics Command Output Descriptions
show crypto statistics IKEv2 service-name Command Output Descriptions
![]() |
Cisco Systems Inc. |
Tel: 408-526-4000 |
Fax: 408-527-0883 |