ISAKMP/IKE Phase 2 Connections

In this section I’ll discuss some router commands you can use to troubleshoot ISAKMP/ IKE Phase 2 connections. I’ll begin by describing briefly the commands you can use and then, in later sections, discuss some of these commands in more depth.

Overview of the Phase 2 Commands

If you’re experiencing problems with establishing IPsec data connections with an IPsec peer, there are several commands you can use to help pinpoint the problem. Here’s a brief summary of these commands:

  • show crypto engine connections active— Displays each data SA that was built and the amount of traffic traversing each.

  • show crypto ipsec sa— Displays the data SAs established between two IPsec peers, and the components used to protect the ...

Get The Complete Cisco VPN Configuration Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.