This section contains some additional commands that may be useful when troubleshooting IPSec VPNs.
The show crypto engine connections active command (see Example 8-112) shows active IKE and IPSec SAs.
Tokyo#show crypto engine connections active ID Interface IP-Address State Algorithm Encrypt Decrypt 3 <none> <none> set HMAC_MD5+DES_56_CB 0 0 2000 Serial4/0 172.16.5.1 set HMAC_MD5+DES_56_CB 0 5 2001 Serial4/0 172.16.5.1 set HMAC_MD5+DES_56_CB 11 0 Tokyo#
Highlighted line 1 shows an IKE SA with connection ID 3. Note that the encrypt and decrypt counters both remain at zero.
Highlighted lines 2 and 3 show an inbound and an outbound ...