- sh crypto isakmp policy
- sh crypto isakmp sa
- sh crypto isakmp peer
- sh crypto isakmp key
- sh crypto ipsec transform-set
- sh cry ipsec sa
- sh crypto map
- sh crypto map interface serial 0
- sh crypto engine brief
- sh crypto engine configuration
- sh crypto engine connections active
- sh crypto engine connections flow
- sh crypto engine connections dropped-packet
- sh crypto call admission statistics
IPSEC VPN SHOW COMMANDS
1) R1#sh crypto isakmp policy
Global IKE policy
Protection suite of priority 10
encryption algorithm: AES - Advanced Encryption Standard (128 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #5 (1536 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
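An added example, not part of the original post: a Python check that parses the `sh crypto isakmp policy` output shown above into protection suites and flags any suite that uses DES or Diffie-Hellman group 1, 2 or 5. The function names and the lists of values treated as weak are assumptions of this example; the sample text is the output above, embedded so the code runs offline.

```python
import re
# Constructed sample: the policy output from this page, embedded inline.
SAMPLE = """\
Global IKE policy
Protection suite of priority 10
encryption algorithm: AES - Advanced Encryption Standard (128 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #5 (1536 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
"""

# Assumption of this example: values treated as too weak for new tunnels.
WEAK_CIPHERS = {"DES"}
WEAK_DH_GROUPS = {1, 2, 5}

def parse_policy(text):
    """Return one dict per protection suite, keyed by the printed field names."""
    suites = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(?:Protection suite of priority (\d+)|Default protection suite)$", line)
        if m:
            # A new suite starts; the default suite has no priority number.
            suites.append({"name": "priority " + m.group(1) if m.group(1) else "default"})
        elif ":" in line and suites:
            key, value = line.split(":", 1)
            suites[-1][key.strip()] = value.strip()
    return suites

def audit(suites):
    """Return (suite name, finding) pairs for a weak cipher or DH group."""
    findings = []
    for s in suites:
        cipher = s.get("encryption algorithm", "").split(" - ")[0]
        if cipher in WEAK_CIPHERS:
            findings.append((s["name"], "weak cipher " + cipher))
        m = re.match(r"#(\d+)", s.get("Diffie-Hellman group", ""))
        if m and int(m.group(1)) in WEAK_DH_GROUPS:
            findings.append((s["name"], "weak DH group " + m.group(1)))
    return findings

if __name__ == "__main__":
    print(audit(parse_policy(SAMPLE)))
```
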
2) R1#sh crypto isakmp sa
dst src state conn-id slot status
12.0.0.2 12.0.0.1 QM_IDLE 1 0 ACTIVE
3) R1#sh crypto isakmp peers
Peer: 12.0.0.2 Port: 500 Local: 12.0.0.1
Phase1 id: 12.0.0.2
4) R1#sh crypto isakmp key
Keyring Hostname/Address Preshared Key
default 12.0.0.2 cisco@123
5) R1#sh crypto ipsec transform-set
Transform set TECHSTUFF: { esp-256-aes esp-sha-hmac }
will negotiate = { Tunnel, },
6) R1#sh cry ipsec sa
interface: Serial0
Crypto map tag: TECHMAP, local addr 12.0.0.1
protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (20.0.0.0/255.255.255.0/0/0)
current_peer 12.0.0.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 349, #pkts encrypt: 349, #pkts digest: 349
#pkts decaps: 348, #pkts decrypt: 348, #pkts verify: 348
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 12.0.0.1, remote crypto endpt.: 12.0.0.2
path mtu 1500, ip mtu 1500, ip mtu idb Serial0
current outbound spi: 0x3F257E81(1059421825)
inbound esp sas:
spi: 0x8CE1C3FE(2363606014)
transform: esp-256-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: SW:1, crypto map: TECHMAP
sa timing: remaining key lifetime (k/sec): (4484301/3224)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x3F257E81(1059421825)
transform: esp-256-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: SW:2, crypto map: TECHMAP
sa timing: remaining key lifetime (k/sec): (4484300/3221)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
7) R1#sh crypto map
Crypto Map "TECHMAP" 10 ipsec-isakmp
Peer = 12.0.0.2
Extended IP access list 100
access-list 100 permit ip 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255
Current peer: 12.0.0.2
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
TECHSTUFF,
}
Interfaces using crypto map TECHMAP:
Serial0
8) R1#sh crypto map interface serial 0 =======> most useful command
Crypto Map "TECHMAP" 10 ipsec-isakmp
Peer = 12.0.0.2
Extended IP access list 100
access-list 100 permit ip 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255
Current peer: 12.0.0.2
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
TECHSTUFF,
}
Interfaces using crypto map TECHMAP:
Serial0
9) R1#sh crypto engine brief
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: FF1045C5
crypto engine state: installed
crypto engine in slot: N/A
10) R1#sh crypto engine configuration
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: FF1045C5
crypto engine state: installed
crypto engine in slot: N/A
platform: Cisco Software Crypto Engine
Crypto Adjacency Counts:
Lock Count: 603
Unlock Count: 603
crypto lib version: 19.0.0
11) R1#sh crypto engine connections active
ID Interface IP-Address State Algorithm Encrypt Decrypt
1 Serial0 12.0.0.1 set HMAC_SHA+AES_CBC 0 0
2001 Serial0 12.0.0.1 set AES256+SHA 0 675
2002 Serial0 12.0.0.1 set AES256+SHA 676 0
12) R1#sh crypto engine connections flow
Crypto engine: Software Crypto Engine
flow_id ah_conn_id esp_conn_id comp_spi
1 <none> 2001 <none>
2 <none> 2002 <none>
13) R1#sh crypto engine connections dropped-packet
No dropped packets.
14) R1#sh crypto call admission statistics
---------------------------------------------------------------------
Crypto Call Admission Control Statistics
---------------------------------------------------------------------
System Resource Limit: 0 Max IKE SAs: 0
Total IKE SA Count: 1 active: 1 negotiating: 0
Incoming IKE Requests: 0 accepted: 0 rejected: 0
Outgoing IKE Requests: 1 accepted: 1 rejected: 0
Rejected IKE Requests: 0 rsrc low: 0 SA limit: 0