Verifying The Configuration - Cisco SA-VAM - VPN Acceleration Module Installation And Configuration Manual

VPN Acceleration Module 2+ (VAM2+) Installation and Configuration Guide, OL-5979-03

Chapter 4
Configuring the SA-VAM2+

        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               3600 seconds, no volume limit

Verifying the Configuration

Some configuration changes take effect only after subsequent security associations are negotiated. For the new settings to take effect immediately, clear the existing security associations.

To clear (and reinitialize) IPSec security associations, use one of the commands in Table 4-2 in global configuration mode:

Table 4-2   Commands to Clear IPSec Security Associations

Command
    clear crypto sa
    or
    clear crypto sa peer {ip-address | peer-name}
    or
    clear crypto sa map map-name
    or
    clear crypto sa spi destination-address protocol spi

Purpose
    Clear IPSec security associations (SAs).
    Using the clear crypto sa command without parameters clears out the full SA database, which clears out active security sessions. You may also specify the peer, map, or spi keywords to clear out only a subset of the SA database.

The following steps provide information on verifying your configurations:

Step 1   Enter the show crypto ipsec transform-set command to view your transform set configuration:

    Router# show crypto ipsec transform-set
    Transform set combined-des-md5: {esp-des esp-md5-hmac}
       will negotiate = {Tunnel,},
    Transform set t1: {esp-des esp-md5-hmac}
       will negotiate = {Tunnel,},
    Transform set t100: {ah-sha-hmac}
       will negotiate = {Transport,},
    Transform set t2: {ah-sha-hmac}
       will negotiate = {Tunnel,},
       {esp-des}
       will negotiate = {Tunnel,},

Step 2   Enter the show crypto map [interface interface | tag map-name] command to view your crypto map configuration:

    Router# show crypto map
    Crypto Map: "router-alice" idb: Ethernet0 local address: 172.21.114.123
    Crypto Map "router-alice" 10 ipsec-isakmp
            Peer = 172.21.114.67
            Extended IP access list 141
                access-list 141 permit ip
                    source: addr = 172.21.114.123/0.0.0.0
                    dest:   addr = 172.21.114.67/0.0.0.0
            Current peer: 172.21.114.67
            Security-association lifetime: 4608000 kilobytes/120 seconds
            PFS (Y/N): N
            Transform sets={t1,}

Step 3   Enter the show crypto ipsec sa [map map-name | address | identity | detail | interface] command to view information about IPSec security associations:
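
As an added example (not part of the Cisco guide), the Python below parses the show crypto ipsec transform-set output from Step 1, attaches the unnamed second proposal to transform set t2, and lists the sets that use single DES or MD5 transforms. The function names and the weak-transform list are assumptions of this example; the sample text is the Step 1 output.

```python
import re

# Weak-transform list is an assumption of this example, not from the guide.
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac"}

# Output of "show crypto ipsec transform-set" as shown in Step 1.
SAMPLE_OUTPUT = """\
Router# show crypto ipsec transform-set
Transform set combined-des-md5: {esp-des esp-md5-hmac}
   will negotiate = {Tunnel,},
Transform set t1: {esp-des esp-md5-hmac}
   will negotiate = {Tunnel,},
Transform set t100: {ah-sha-hmac}
   will negotiate = {Transport,},
Transform set t2: {ah-sha-hmac}
   will negotiate = {Tunnel,},
   {esp-des}
   will negotiate = {Tunnel,},
"""

NAMED = re.compile(r"^Transform set (\S+): \{([^}]*)\}")
BARE = re.compile(r"^\{([^}]*)\}$")
MODE = re.compile(r"^will negotiate = \{([^}]*)\}")

def parse_transform_sets(text):
    """Return {set name: [{"transforms": [...], "modes": [...]}, ...]}."""
    sets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := NAMED.match(line):
            current = sets.setdefault(m.group(1), [])
            current.append({"transforms": m.group(2).split(), "modes": []})
        elif (m := BARE.match(line)) and current is not None:
            # A bare {...} line is a further proposal of the previous set.
            current.append({"transforms": m.group(1).split(), "modes": []})
        elif (m := MODE.match(line)) and current:
            current[-1]["modes"] = [x for x in m.group(1).split(",") if x]
    return sets

def weak_findings(sets):
    """Return sorted (set name, transform) pairs that use a weak transform."""
    return sorted({(name, t) for name, props in sets.items()
                   for p in props for t in p["transforms"]
                   if t in WEAK_TRANSFORMS})

if __name__ == "__main__":
    for name, transform in weak_findings(parse_transform_sets(SAMPLE_OUTPUT)):
        print(f"{name}: {transform}")
```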
