Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Crypto Show Commands

XSR CLI Reference Guide 14-119

show crypto ipsec transform-set

Thiscommanddisplaysconfiguredtransform‐sets.IPSectransform‐setscreatedwithEZ‐IPSec

configurationaremarkedwithanasterisk(*)inthe

showoutput.Theseproposalsmaynotbeused

inotheruser‐definedIPSecpolicies.TheyarereservedforEZ‐IPSec

Syntax

show crypto ipsec transform-set [transform-set-name]

Mode

EXECorGlobalconfiguration:XSR> or XSR(config)#

Sample Output

Thefollowingexamplewasproducedfrommanuallyconfiguredtransform‐sets:

XSR#show crypto ipsec transform-set

Name

PFS ESP ESP-AH AH IPCOMP

esp-3des-md5 Disabled AES HMAC-MD5 None None

ah-sha Disabled None None HMAC-SHA None

ThefollowingoutputwasproducedbyEZ‐IPSectransform‐sets:

XSR#show crypto ipsec transform-set

Name PFS ESP ESP-AH AH IPCOMP

*ez-esp-3des-sha-pfs Modp768 3DES HMAC-SHA None None

*ez-esp-3des-sha-no-pfs Disabled 3DES HMAC-SHA None None

*ez-esp-3des-md5-pfs Modp768 3DES HMAC-MD5 None None

*ez-esp-3des-md5-no-pfs Disabled 3DES HMAC-MD5 None None

*ez-esp-aes-sha-pfs Modp768 AES HMAC-SHA None None

*ez-esp-aes-sha-no-pfs Disabled AES HMAC-SHA None None

*ez-esp-aes-md5-pfs Modp768 AES HMAC-MD5 None None

*ez-esp-aes-md5-no-pfs Disabled AES HMAC-MD5 None None

ESP TypeofSA:eitherESPorAH.

SPI=40d5e065 UniqueSecurityParameterIndex(SPI)numberfortheSA.

Transform Encryptionalgorithmset.

Life=3589s/24993 2KB LifetimeoftheSAinsecondsandKBytes.

Localcryptoendpt.‐10.2.1.34:4500 IPaddressandportnumberofthelocalcryptopeer.

Remotecryptoendpt.‐10.2.1.34:4500 IPaddressandportnumberofthe

remotecryptopeer.

Encapsulation ESPorAHEncodingMode.

UDP‐Encaps IndicatesNATispresentbetweenthecryptoendpoints.

transform-set-name

Showstransform‐setswiththespecifictransform‐set‐nameonly.

previous next