6802800U74-AN
Chapter 13: MTS Troubleshooting
• SHA-1
•
SHA-256
•
SHA-384
•
SHA-512
To verify if the link encryption option is enabled or disabled in the system, use the ipsec config
command. The command displays both, the Main system and the Local system site link encryption
configuration.
SC: ipsec config
---------------------------------------------
MSO: main
encrypted sitelinks: enabled
encryption algorithm: AES256
authentication algorithm: sha1
authentication method: pre-shared key
IKE SA lifetime: 6h
IPsec SA lifetime: 1h
pm sessions encryption: disabled
---------------------------------------------
—-------------------------------------------
MSO: local
encrypted sitelinks: disabled
encryption algorithm: AES256
authentication algorithm: sha1
authentication method: pre-shared key
IKE SA lifetime: 6h
IPsec SA lifetime: 1h
pm sessions encryption: disabled
---------------------------------------------
SC:
To display statistics, execute the ipsec stats show command on the Site Controller MMI.
For more details on the Encryption configuration, see the "Link Encryption Configuration" chapter in the
Link Encryption manual.
13.1.3.3.8.2
Verifying Encryption Capability
When and where to use:
Verify that the MTS software is encryption-capable.
NOTICE: This content is applicable to 8.1 System Release and onward.
Procedure:
1 At the MMI command prompt, type ver and find the build number which follows the pattern
MTS_TSC_APP-R<X>.
Where <X> is a digit.
2 Check if the third digit in the software build number is equal to 4.
Step example: The third digit in build MTS_TSC_APP-R08.41.06 is equal to 4, thus the MTS
software supports encryption. In contrast, in the build MTS_TSC_APP-R08.11.06 the third digit
is not equal to 4, thus the MTS software does not support encryption.
368