IPSec Show Commands

You can use a few commands to verify and troubleshoot your IPSec tunnel configuration:

  • show crypto ipsec sa— Displays all IPSec SAs. The output displays the interface that the crypto map is applied to and the traffic flow between the source IP address, destination IP address, protocol, and port that are protected.

  • show crypto ipsec security-association lifetime— Displays the IPSec SA lifetime that was configured in crypto map configuration mode.

  • show crypto ipsec transform-set— Displays the IPSec transform sets you configured.

  • show crypto map— Displays the crypto map parameters you configured along with the interfaces that the crypto map is applied to. Figure 9.12 displays an example of this command's output.

    Figure 9.12. ...

Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial