show crypto ipsec sa
Use the show crypto ipsec sa command to display the IPSec SA database and related
runtime, statistical, and configuration information. If no crypto-list, crypto-list rule, or peer IP
address are specified, then all SAs are displayed, sorted first by interface and then by crypto-list
rule index.
Note:
The IPSec SA statistics counters are reset when any of the following occurs:
Note:
- The
- avipsMonitorRstCntrs is set in the MIB (equivalent to the above).
- The
- The crypto-list is activated on an interface for the first time.
- A failing-over to a different peer occurs.
- A new local-address is learned (due to DHCP, PPPoE, user configuration).
Note:
The IP Payload Compression (IPPCP) numbers refer to data as it is presented to
Note:
the compression/decompression engine, which is before outbound protection
and after inbound de-protection. Hence, the numbers do not take into account
encapsulation and encryption overheads.
Syntax
show crypto ipsec sa [list crypto-list-id [rule rule-id] | address]
[detail]
Parameters
Parameter
list
crypto-list-id
rule
rule-id
clear crypto sa counters
clear crypto sa
Description
The crypto-list whose SA
configuration should be displayed.
The ip-rule in the crypto-list
whose SA configuration should be
displayed.
Alphabetical listing of CLI commands
command is used.
all command is used.
Possible Values
Default
Value
Issue 1.1 June 2005
527