Step 5
|
show crypto ipsec sa detail
Example:
Device# show crypto ipsec sa detail
interface: GigabitEthernet0/0
Crypto map tag: cmap, local addr 10.1.1.2
protected vrf: (none)
local ident (addr/mask/prot/port): (209.165.201.1/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (209.165.200.1/255.255.255.224/0/0)
current_peer 172.16.0.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 20, #pkts encrypt: 20, #pkts digest: 20
#pkts decaps: 20, #pkts decrypt: 20, #pkts verify: 20
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#pkts no sa (send) 0, #pkts invalid sa (rcv) 0
#pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
#pkts invalid prot (recv) 0, #pkts verify failed: 0
#pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
#pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
##pkts replay failed (rcv): 0
#pkts tagged (send): 20, #pkts untagged (rcv): 20
#pkts not tagged (send): 0, #pkts not untagged (rcv): 0
#pkts internal err (send): 0, #pkts internal err (recv) 0
local crypto endpt.: 10.1.1.2, remote crypto endpt.: 172.160.1.1
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
current outbound spi: 0x9F0DFA17(2668493335)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0xD026B7DD(3492198365)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2043, flow_id: Onboard VPN:43, sibling_flags 80000040, crypto map: cmap
sa timing: remaining key lifetime (k/sec): (4228802/3367)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x9F0DFA17(2668493335)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2044, flow_id: Onboard VPN:44, sibling_flags 80000040, crypto map: cmap
sa timing: remaining key lifetime (k/sec): (4228802/3367)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.12.1/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (209.165.201.1/255.255.255.224/0/0)
current_peer 172.160.1.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#pkts no sa (send) 0, #pkts invalid sa (rcv) 0
#pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
#pkts invalid prot (recv) 0, #pkts verify failed: 0
#pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
#pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
##pkts replay failed (rcv): 0
#pkts tagged (send): 0, #pkts untagged (rcv): 0
#pkts not tagged (send): 0, #pkts not untagged (rcv): 0
#pkts internal err (send): 0, #pkts internal err (recv) 0
local crypto endpt.: 10.1.1.2, remote crypto endpt.: 172.160.1.1
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
Displays the settings used by current security associations (SAs).
|
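The following Python example is added here and is not part of the original documentation or Cisco's code. It parses `show crypto ipsec sa detail` output in the layout shown above and reports, for each local/remote ident pair, non-zero error counters, transforms on a locally defined legacy list, PFS not in use, and an outbound SPI of 0x0. The `audit` function, the `BAD` and `LEGACY` lists, and the sample text (including its non-zero replay counter) are assumptions constructed for illustration.

```python
import re

# Constructed sample, trimmed from the layout of the output shown above;
# the non-zero "replay failed" counter is invented to exercise the check.
SAMPLE = """\
protected vrf: (none)
local ident (addr/mask/prot/port): (209.165.201.1/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (209.165.200.1/255.255.255.224/0/0)
#pkts encaps: 20, #pkts encrypt: 20, #pkts digest: 20
#pkts invalid prot (recv) 0, #pkts verify failed: 0
##pkts replay failed (rcv): 3
current outbound spi: 0x9F0DFA17(2668493335)
PFS (Y/N): N, DH group: none
transform: esp-3des esp-sha-hmac ,
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.12.1/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (209.165.201.1/255.255.255.224/0/0)
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none
"""

COUNTER = re.compile(r"#pkts ([a-z. ]+(?:\([a-z]+\))?):? (\d+)")
BAD = ("failed", "invalid", "no sa", "err")       # counters expected to stay at 0
LEGACY = {"esp-des", "esp-3des", "esp-md5-hmac"}  # assumption: local policy list

def audit(text):
    """Return {(local ident, remote ident): [findings]} for each SA block."""
    report = {}
    for block in re.split(r"(?m)^\s*protected vrf:.*\n", text)[1:]:
        ident = tuple(re.findall(r"(?:local|remote) ident .*?: \(([\d.]+/[\d.]+)", block))
        findings = []
        for name, value in COUNTER.findall(block):
            if int(value) and any(word in name for word in BAD):
                findings.append(f"{name.strip()} = {value}")
        transforms = set(" ".join(re.findall(r"transform: ([^,\n]*)", block)).split())
        findings += [f"legacy transform {t}" for t in sorted(transforms & LEGACY)]
        if re.search(r"PFS \(Y/N\): N", block):
            findings.append("PFS not in use")
        if re.search(r"current outbound spi: 0x0\(", block):
            findings.append("no active outbound SA")
        report[ident] = findings
    return report

if __name__ == "__main__":
    for ident, findings in audit(SAMPLE).items():
        print(ident, findings or "ok")
```

To check a real device, pass the captured command output to `audit()` in place of `SAMPLE`; text before the first `protected vrf:` line (the interface header) is ignored.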