Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Remote Peer Show Commands

XSR CLI Reference Guide 14-105

show crypto isakmp proposal

ThiscommandlistsattributesforeachInternetKeyExchange(IKE)proposal.ISAKMPproposals

createdwithEZ‐IPSecaremarkedwithanasterisk(*)inthe

showoutput.Theseproposalsmaynot

beusedinotheruser‐definedISAKMPpolicies‐theyarereservedforEZ‐IPSec.

Syntax

show crypto isakmp proposal

Mode

EXECorGlobalconfiguration:XSR> or XSR(config)#

Sample Output

XSR#show crypto isakmp proposal

Name Authentication Encrypt Integrity Group Lifetime

test PreSharedKeys AES HMAC-MD5 Modp1024

ThefollowingoutputwasproducedbyISAKMP proposalscreatedviaEZ‐IPSec:

XSR#show crypto isakmp proposal

Name Authentication Encrypt Integrity Group Lifetime

*ez-ike-3des-sha-psk PreSharedKeys 3DES HMAC-SHA Modp1024 28800

*ez-ike-3des-md5-psk PreSharedKeys 3DES HMAC-MD5 Modp1024 28800

*ez-ike-3des-sha-rsa RSASignature 3DES HMAC-SHA Modp1024 28800

*ez-ike-3des-md5-rsa RSASignature 3DES HMAC-MD5 Modp1024 28800

show crypto isakmp sa

ThiscommandlistsallcurrentInternetKeyExchangeSecurityAssociations(SAs)foryourXSR.

AnSAoccupiesacertainstatedependinguponwhereintheauthenticationprocessthepeersare

andwhatexchangemodetheyshare‐Aggressive,MainorQuick.Duringlongexchanges,someof

theMMstatesmaybe

seen.RefertotheParameterDescriptionsforfurtherexplanation.

Syntax

show crypto isakmp sa

Mode

EXECorGlobalconfiguration:XSR> or XSR(config)#

Sample Output

ThefollowingoutputdisplaystwoSAs,oneinMainModeexchangepreparingtoauthenticate

andtheotherinQuickModeexchangereadyfortraffic:

XSR#show crypto isakmp sa

Connection-ID State Source Destination Lifetime

526 MM_KEY_AUTH 192.168.2.2 192.168.2.1

9 QM_IDLE 192.168.55.10 141.154.196.87

previous next