Displaying Ipsec Configurations - Cisco DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor Configuration Manual

Displaying IPsec Configurations

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Example 30-3 Displays the Key Configuration
switch# show crypto ike domain ipsec key
key abcdefgh address 1.1.1.1
key bcdefghi address 1.1.2.1
Example 30-4 Displays the Currently Established Policies for IKE
switch# show crypto ike domain ipsec policy 1
Priority 1, auth pre-shared, lifetime 6000 secs, encryption 3des, hash md5, DH group 5
Priority 3, auth pre-shared, lifetime 86300 secs, encryption aes, hash sha1, DH group 1
Example 30-5 Displays the Currently Established SAs for IKE
switch# show crypto ike domain ipsec sa
Tunn
----------------------------------------------------------------------------------------
1*
2
-----------------------------------------------------------------------------------------
NOTE: tunnel id ended with * indicates an IKEv1 tunnel
Displaying IPsec Configurations
You can verify the IPsec information by using the show set of commands. See Examples
Example 30-6 Displays IP-ACL Information
switch# show ip access-list usage
Access List Name/Number
----------------------------- ------- ------- --------- -------------
acl10
acl100
acl100subnet
Example 30-7 Displays Information for the Specified ACL
switch# show ip access-list acl10
ip access-list acl10 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 (0 matches)
In Example
this criteria.
Example 30-8 Displays the Transform Set Configuration
switch# show crypto transform-set domain ipsec
Transform set: 3des-md5 {esp-3des esp-md5-hmac}
Transform set: des-md5 {esp-des esp-md5-hmac}
Transform set: test {esp-aes-128-cbc esp-md5-hmac}
Cisco MDS 9000 Family Configuration Guide
30-24
Local Addr
172.22.31.165[500]
172.22.91.174[500]
30-7, the display output match is only displayed of an interface (not the crypto map) meets
will negotiate {tunnel}
will negotiate {tunnel}
will negotiate {tunnel}
Remote Addr Encr
172.22.31.166[500] 3des
172.22.91.173[500] 3des
Filters IF Status
1 0 active
1 0 active
1 0 active
Chapter 30 Configuring IPsec Network Security
Hash Auth Method
sha1 preshared key
sha1 preshared key
Creation Time
Mon Mar 2 05:07:20 1981
Mon Mar 2 05:07:20 1981
Mon Mar 2 05:07:20 1981
OL-6973-03, Cisco MDS SAN-OS Release 2.x
Lifetime
86400
86400
30-6 to 30-20.