Cisco CRS User Manual page 146

show crypto ipsec sa
Table 10: show crypto ipsec sa Field Descriptions
Field
SA id
interface
profile
local ident
remote ident
outbound esp sas
inbound esp sas
transform
sa lifetime
The following sample output is from the show crypto ipsec sa command for the profile keyword for a profile
named pn1:
RP/0/RP0/CPU0:router# show crypto ipsec sa profile pn1
SA id: 2
interface: tunnel0
profile: pn1
local ident (addr/mask/prot/port): (172.19.70.92/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.19.72.120/255.255.255.255/0/0)
local crypto endpt: 172.19.70.92, remote crypto endpt: 172.19.72.120
outbound esp sas:
spi: 0x8b0e950f (2332988687)
transform: esp-3des-sha
in use settings = Tunnel
sa lifetime: 3600s, 4194303kb
SA id: 2
interface: tunnel0
profile: pn1
local ident (addr/mask/prot/port): (172.19.72.120/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.19.70.92/255.255.255.255/0/0)
local crypto endpt: 172.19.72.120, remote crypto endpt: 172.19.70.92
inbound esp sas:
spi: 0x2777997c (662149500)
transform: esp-3des-sha
in use settings = Tunnel
sa lifetime: 3600s, 4194303kb
The following sample output is from the show crypto ipsec sa command for the peer keyword:
RP/0/RP0/CPU0:router# show crypto ipsec sa peer 172.19.72.120
SA id: 2
interface: tunnel0
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
136
Description
Identifier for the SA.
Identifier for the interface.
String of alphanumeric characters that specify the
name of a security profile.
IP address, mask, protocol, and port of the local peer.
IP address, mask, protocol and port of the remote
peer.
Outbound ESP SAs.
Inbound ESP SAs.
The transform being used in the SA.
The lifetime value used in the SA.
IPSec Commands
OL-24740-01