Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual page 940

Cisco MDS 9000 Family CLI Configuration Guide - Release 4.x (OL-18084-01, February 2009)

Displaying IPsec Configurations
Send documentation comments to mdsfeedback-doc@cisco.com

    Crypto map tag: cm10, local addr. 10.10.10.1
    protected network:
    local ident (addr/mask): (10.10.10.0/255.255.255.0)
    remote ident (addr/mask): (10.10.10.4/255.255.255.255)
    current_peer: 10.10.10.4
      local crypto endpt.: 10.10.10.1, remote crypto endpt.: 10.10.10.4
      mode: tunnel, crypto algo: esp-3des, auth algo: esp-md5-hmac
    current outbound spi: 0x30e000f (51249167), index: 0
      lifetimes in seconds:: 120
      lifetimes in bytes:: 423624704
    current inbound spi: 0x30e0000 (51249152), index: 0
      lifetimes in seconds:: 120
      lifetimes in bytes:: 423624704

Example 37-12 Displays All SA Associations

switch# show crypto sad domain ipsec
interface: GigabitEthernet4/1
    Crypto map tag: cm10, local addr. 10.10.10.1
    protected network:
    local ident (addr/mask): (10.10.10.0/255.255.255.0)
    remote ident (addr/mask): (10.10.10.4/255.255.255.255)
    current_peer: 10.10.10.4
      local crypto endpt.: 10.10.10.1, remote crypto endpt.: 10.10.10.4
      mode: tunnel, crypto algo: esp-3des, auth algo: esp-md5-hmac
    current outbound spi: 0x30e000f (51249167), index: 0
      lifetimes in seconds:: 120
      lifetimes in bytes:: 423624704
    current inbound spi: 0x30e0000 (51249152), index: 0
      lifetimes in seconds:: 120
      lifetimes in bytes:: 423624704

Example 37-13 Displays Information About the Policy Database

switch# show crypto spd domain ipsec
Policy Database for interface: GigabitEthernet4/1, direction: Both
#   0:     deny  udp any port eq 500 any     <-----------------------UDP default entry
#   1:     deny  udp any any port eq 500     <---------------------- UDP default entry
#   2:     permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
#  63:     deny  ip any any     <---------------------------------------- Clear text default entry
Policy Database for interface: GigabitEthernet4/2, direction: Both
#   0:     deny  udp any port eq 500 any
#   1:     deny  udp any any port eq 500
#   3:     permit ip 10.10.100.0 255.255.255.0 10.10.100.0 255.255.255.0
#  63:     deny  ip any any

Example 37-14 Displays SPD Information for a Specific Interface

switch# show crypto spd domain ipsec interface gigabitethernet 4/2
Policy Database for interface: GigabitEthernet3/1, direction: Both
#   0:     deny  udp any port eq 500 any
#   1:     deny  udp any any port eq 500
#   2:     permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
# 127:     deny  ip any any

Chapter 37
Configuring IPsec Network Security
OL-18084-01, Cisco MDS NX-OS Release 4.x
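
The SAD output format of Example 37-12, parsed into records so the transforms and lifetimes in use on each SA can be checked against a local policy. This is an added example, not code from the Cisco guide; the function names, the FLAGGED policy set and the embedded sample text are assumptions constructed for illustration.

```python
import re
# Constructed sample in the format of Example 37-12 (show crypto sad domain ipsec).
SAMPLE = """\
interface: GigabitEthernet4/1
    Crypto map tag: cm10, local addr. 10.10.10.1
    protected network:
    local ident (addr/mask): (10.10.10.0/255.255.255.0)
    remote ident (addr/mask): (10.10.10.4/255.255.255.255)
    current_peer: 10.10.10.4
      local crypto endpt.: 10.10.10.1, remote crypto endpt.: 10.10.10.4
      mode: tunnel, crypto algo: esp-3des, auth algo: esp-md5-hmac
    current outbound spi: 0x30e000f (51249167), index: 0
      lifetimes in seconds:: 120
      lifetimes in bytes:: 423624704
    current inbound spi: 0x30e0000 (51249152), index: 0
      lifetimes in seconds:: 120
      lifetimes in bytes:: 423624704
"""
# Assumed local policy (not from the guide): transforms an auditor wants reported.
FLAGGED = {"esp-3des", "esp-md5-hmac"}

def parse_sad(text):
    """Return one dict per 'Crypto map tag' block found in SAD output."""
    entries, iface, cur, spi = [], None, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"interface:\s*(\S+)", line):
            iface, cur, spi = m.group(1), None, None
        elif m := re.match(r"Crypto map tag:\s*(\S+),", line):
            cur, spi = {"interface": iface, "map": m.group(1), "spis": {}}, None
            entries.append(cur)
        elif cur is None:
            continue  # ignore anything before the first crypto map block
        elif m := re.match(r"current_peer:\s*(\S+)", line):
            cur["peer"] = m.group(1)
        elif m := re.match(r"mode:\s*(\S+), crypto algo:\s*(\S+), auth algo:\s*(\S+)", line):
            cur["mode"], cur["crypto"], cur["auth"] = m.groups()
        elif m := re.match(r"current (outbound|inbound) spi:\s*(0x[0-9a-fA-F]+)", line):
            spi = cur["spis"][m.group(1)] = {"spi": int(m.group(2), 16)}
        elif spi is not None and (m := re.match(r"lifetimes in (seconds|bytes)::\s*(\d+)", line)):
            spi[m.group(1)] = int(m.group(2))  # lifetime belongs to the last SPI seen
    return entries

def audit(entries, flagged=FLAGGED):
    """List (interface, peer, transform) for each flagged transform in use."""
    return [(e["interface"], e.get("peer"), t) for e in entries
            for t in (e.get("crypto"), e.get("auth")) if t in flagged]

if __name__ == "__main__":
    print(*audit(parse_sad(SAMPLE)), sep="\n")
```
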
