Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Crypto Show Commands

14-118 Configuring the VPN

Crypto Show Commands

show crypto ipsec sa

ThiscommanddisplayscurrentSecurityAssociations(SAs)settings.

Syntax

show crypto ipsec sa [map map-name | address]

Mode

EXECorGlobalconfiguration:XSR> or XSR(config)#

Sample Output

ThefollowingissampleoutputwhenNATisnot presentbetweenthecryptoendpoints.Thefirst

sectionistheinboundSA,andthesecondsection,theoutboundSA.TheUDPportfollowthethe

IPaddressforcryptoendpointswhenaNATispresent.

XSR#show crypto ipsec sa

10.1.1.2/32, UDP, 1701 ==> 10.2.1.34/32, UDP, 1701 : 71 packets

ESP: SPI=f5ae2b52, Transform=3DES/HMAC-SHA, Life=3575S/249929KB

Local crypto endpt.=10.2.1.34, Remote crypto endpt.=10.1.1.2

Encapsulation=Transport

10.2.1.34/32, UDP, 1701 ==> 10.1.1.2/32, UDP, 1701 : 36 packets

ESP: SPI=5419ec15, Transform=3DES/HMAC-SHA, Life=3575S/249933KB

Local crypto endpt.=10.2.1.34, Remote crypto endpt.=10.1.1.2

Encapsulation=Transport

ThefollowingissampleoutputwhenNATispresentbetweenthecryptoendpoints.Notethat

UDP‐Encapsdisplays,indicatingthatencapsulationisenabledwithaNATpresent.

10.2.1.10/32, UDP, 1701 ==> 10.2.1.34/32, UDP, 1701 : 52 packets

ESP: SPI=40d5e065, Transform=3DES/HMAC-SHA, Life=3589S/249932KB

Local crypto endpt.=10.2.1.34:4500, Remote crypto endpt.=10.2.1.10:41108

Encapsulation=Transport UDP-Encaps

10.2.1.34/32, UDP, 1701 ==> 10.2.1.10/32, UDP, 1701 : 32 packets

ESP: SPI=5c0f6fb5, Transform=3DES/HMAC-SHA, Life=3589S/249934KB

Local crypto endpt.=10.2.1.34:4500, Remote crypto endpt.=10.2.1.10:41108

Encapsulation=Transport UDP-Encaps

Parameter Description

map-name

ShowsanyexistingSAscreatedforthecryptomapsetnamedmap‐name.

address

ShowsallexistingSAs,sortedbythedestinationaddress(eitherthelocaladdress

ortheaddressoftheIPSecremotepeer)andthenbyprotocol(AHorESP).

10.2.1.10/32,UDP,1701 IPaddress,protocol,andprotocolportnumberofthe

sourceACLentryassociatedwiththisSA.

10.2.1.34/32,UDP,1701 IPaddress,protocol,andprotocolportnumberofthe

destinationACLentryassociatedwiththisSA.

52packets NumberofpacketsprocessedbythisSA.

previous next