Avaya G430 Manual page 503

Commands used to display IPSec VPN status
The following show commands show runtime IPSec VPN database status and statistics, and
clear runtime statistics.
• show crypto isakmp sa
• show crypto ipsec sa
• show crypto ipsec sa address
• show crypto ipsec sa list
Tip:
The detail option in the various show crypto ipsec sa commands, provides
detailed counters information on each IPSec SA. To pinpoint the source of a problem,
check for a counter whose value grows with time.
• clear crypto sa counters
For a description of these commands, see
For a full description of the commands and their output fields, see Avaya Branch Gateway
G430 CLI Reference.
Clearing both ISAKMP connection and IPSec SAs
Procedure
1. Clear the IPSec SAs with the clear crypto sa all command.
2. Clear the ISAKMP SA with the clear crypto isakmp command.
Configuring IPSec VPN logging
About this task
IPSec VPN logging allows you to view the start and finish of IKE phase 1 and IKE phase 2
negotiations. Most importantly, it displays the configuration of both peers, so that you can
pinpoint the problem in case of a mismatch between the IPSec VPN configuration of the
peers.
Note:
For more information about logging, see
Procedure
1. Use the set logging session enable command to enable session logging.
Administering Avaya G430 Branch Gateway
Gxxx-001# set logging session enable
Done!
CLI-Notification: write: set logging session enable
Summary of VPN commands
System logging on page 215.
IPSec VPN
on page 550 .
October 2013 503