Cisco DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor Configuration Manual page 684

Displaying IPsec Configurations
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Example 30-12 Displays SA Association for the Specified Interface
switch# show crypto sad domain ipsec interface gigabitethernet 4/1
interface: GigabitEthernet4/1
Example 30-13 Displays All SA Associations
switch# show crypto sad domain ipsec
interface: GigabitEthernet4/1
Example 30-14 Displays Information About the Policy Database
switch# show crypto spd domain ipsec
Policy Database for interface: GigabitEthernet4/1, direction: Both
#
#
#
# 63:
Policy Database for interface: GigabitEthernet4/2, direction: Both
#
#
#
# 63:
Example 30-15 Displays SPD Information for a Specific Interface
switch# show crypto spd domain ipsec interface gigabitethernet 4/2
Policy Database for interface: GigabitEthernet3/1, direction: Both
#
#
#
# 127:
Cisco MDS 9000 Family Configuration Guide
30-26
Crypto map tag: cm10, local addr. 10.10.10.1
protected network:
local ident (addr/mask): (10.10.10.0/255.255.255.0)
remote ident (addr/mask): (10.10.10.4/255.255.255.255)
current_peer: 10.10.10.4
local crypto endpt.: 10.10.10.1, remote crypto endpt.: 10.10.10.4
mode: tunnel, crypto algo: esp-3des, auth algo: esp-md5-hmac
current outbound spi: 0x30e000f (51249167), index: 0
lifetimes in seconds:: 120
lifetimes in bytes:: 423624704
current inbound spi: 0x30e0000 (51249152), index: 0
lifetimes in seconds:: 120
lifetimes in bytes:: 423624704
Crypto map tag: cm10, local addr. 10.10.10.1
protected network:
local ident (addr/mask): (10.10.10.0/255.255.255.0)
remote ident (addr/mask): (10.10.10.4/255.255.255.255)
current_peer: 10.10.10.4
local crypto endpt.: 10.10.10.1, remote crypto endpt.: 10.10.10.4
mode: tunnel, crypto algo: esp-3des, auth algo: esp-md5-hmac
current outbound spi: 0x30e000f (51249167), index: 0
lifetimes in seconds:: 120
lifetimes in bytes:: 423624704
current inbound spi: 0x30e0000 (51249152), index: 0
lifetimes in seconds:: 120
lifetimes in bytes:: 423624704
0: deny udp any port eq 500 any
1: deny udp any any port eq 500
2: permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
deny ip any any
0: deny udp any port eq 500 any
1: deny udp any any port eq 500
3: permit ip 10.10.100.0 255.255.255.0 10.10.100.0 255.255.255.0
deny ip any any
0: deny udp any port eq 500 any
1: deny udp any any port eq 500
2: permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
deny ip any any
<-----------------------UDP default entry
<---------------------- UDP default entry
<---------------------------------------- Clear text default entry
Chapter 30 Configuring IPsec Network Security
OL-6973-03, Cisco MDS SAN-OS Release 2.x