Troubleshooting Virtual Private Networks

Additional Troubleshooting Commands

This section contains some additional commands that may be useful when troubleshooting IPSec VPNs.

show crypto engine connections active

The show crypto engine connections active command (see Example 8-112) shows active IKE and IPSec SAs.

Example 8-112. Active IKE and IPSec SAs

Tokyo#show crypto engine connections active
  ID Interface        IP-Address      State  Algorithm           Encrypt  Decrypt
   3 <none>           <none>          set    HMAC_MD5+DES_56_CB        0        0
						2000 Serial4/0        172.16.5.1      set    HMAC_MD5+DES_56_CB        0        5
						2001 Serial4/0        172.16.5.1      set    HMAC_MD5+DES_56_CB       11        0
Tokyo#

Highlighted line 1 shows an IKE SA with connection ID 3. Note that the encrypt and decrypt counters both remain at zero.

Highlighted lines 2 and 3 show an inbound and an outbound ...

Get Troubleshooting Virtual Private Networks now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Troubleshooting Virtual Private Networks by Mark Lewis

Additional Troubleshooting Commands

show crypto engine connections active

Example 8-112. Active IKE and IPSec SAs

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly