IPSec VPN maintenance
You can display IPSec VPN configuration and status, and clear IPSec VPN data, using certain
show and clear commands. In addition, you can display the IPSec VPN log to verify the
success or failure of IPSec VPN operations, and to view the actual configuration of both peers
for a successful debug in case of a problem.
The following sections describe these options.
Displaying IPSec VPN configuration
You can use the following show commands to display IPSec VPN configuration. For a full
description of the commands and their output fields see Avaya G250 and Avaya G350 CLI
Reference, 03-300437.
Use the show crypto ipsec transform-set command to display configuration for a
●
specified transform-set or all transform-sets.
Use the show crypto isakmp policy command to display ISAKMP policy
●
configuration.
Use the show crypto isakmp peer command to display crypto ISAKMP peer
●
configuration.
Use the show crypto isakmp peer-group command to display crypto ISAKMP
●
peer-group configuration.
Use the show crypto map command to display all or specific crypto map
●
configurations.
Use the show ip crypto-list list# command to display the configuration of a
●
specific crypto-list.
Use the show ip crypto-list command to display all crypto-lists.
●
Use the show ip active-lists command to display the crypto-lists active on each
●
interface.
Displaying IPSec VPN status
You can use the following show commands to show runtime IPSec VPN database status and
statistics, and clear runtime statistics. For a full description of the commands and their output
fields see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
Use the show crypto isakmp sa command to display ISAKMP SA database status.
●
Use the show crypto ipsec sa command to display the IPsec SA database status.
●
IPSec VPN maintenance
Issue 1.1 June 2005
383