Show crypto ipsec transformset show crypto isakmp sa30

RouterA # show crypto ipsec transform-set Transform set mine: { esp-des £ will negotiate ■ { Tunnel, },

View the currently defined transform sets.

RouterA # show crypto isakmp sa dst src state conn-id slot

Shows Phase I security associations.

© 2004 Cisco Systems, Ir

Use the show crypto ipsec transform-set EXEC command to view the configured transform sets. The command has the following syntax:

show crypto ipsec transform-set [tag transform-set-name]

show crypto ipsec transform-set Command



tag transform-set-name

(Optional) Shows only the transform sets with the specified transform-set-name

If no transform-set-name keyword is used, all transform sets configured at the router are displayed.

Use the show crypto isakmp sa command to show Phase I SAs. If the connection is working properly and an ISAKMP SA exists, it will be in its quiescent state—QM_IDLE—indicating that the ISAKMP SA is present but idle. It remains authenticated with its peer and may be used for subsequent quick mode exchanges.

The show crypto ipsec sa Command

This topic illustrates an example of the show crypto ipsec sa command.

show crypto ipsec sa

© 2004 Cisco Systems, Inc. All rights reserved. BCRAN v2.1—5-5

Use the show crypto ipsec sa EXEC command to view the settings used by current SAs. If no keyword is used, all security associations are displayed. The command syntax is as follows:

show crypto ipsec sa [map map-name | address | identity] [detail]

show crypto ipsec sa Command



map map-name

(Optional) Shows any existing SAs created for the crypto map.


(Optional) Shows all the existing SAs, sorted by the destination address and then by protocol (Authentication Header [AH] or Encapsulating Security Payload [ESP]).


(Optional) Shows only the flow information. It does not show the SA information.


(Optional) Shows detailed error counters. (The default is the highlevel send and receive error counters.)

0 0

Post a comment