Displaying Ipsec Configurations - HP Cisco MDS 9020 - Fabric Switch Configuration Manual
Cisco mds 9000 family cli configuration guide, release 3.x (ol-16184-01, april 2008)
Hide thumbs
Also See for Cisco MDS 9020 - Fabric Switch:
- Service manual (242 pages) ,
- Configuration manual (1384 pages) ,
- Handbook (141 pages)
Table of Contents
Advertisement
Chapter 35
Configuring IPsec Network Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Example 35-5 Displays the Currently Established SAs for IKE
switch# show crypto ike domain ipsec sa
Tunn
----------------------------------------------------------------------------------------
1*
2
-----------------------------------------------------------------------------------------
NOTE: tunnel id ended with * indicates an IKEv1 tunnel
Displaying IPsec Configurations
You can verify the IPsec information by using the show set of commands. See Examples
Example 35-6 Displays Information for the Specified ACL
switch# show ip access-list acl10
ip access-list acl10 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 (0 matches)
In
Example
this criteria.
Example 35-7 Displays the Transform Set Configuration
switch# show crypto transform-set domain ipsec
Transform set: 3des-md5 {esp-3des esp-md5-hmac}
Transform set: des-md5 {esp-des esp-md5-hmac}
Transform set: test {esp-aes-128-cbc esp-md5-hmac}
Example 35-8 Displays All Configured Crypto Maps
switch# show crypto map domain ipsec
Crypto Map "cm10" 1 ipsec
Crypto Map "cm100" 1 ipsec
OL-16184-01, Cisco MDS SAN-OS Release 3.x
Local Addr
172.22.31.165[500]
172.22.91.174[500]
35-6, the display output match is only displayed of an interface (not the crypto map) meets
will negotiate {tunnel}
will negotiate {tunnel}
will negotiate {tunnel}
Peer = Auto Peer
IP ACL = acl10
permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
Transform-sets: 3des-md5, des-md5,
Security Association Lifetime: 4500 megabytes/3600 seconds
PFS (Y/N): N
Interface using crypto map set cm10:
GigabitEthernet4/1
Peer = Auto Peer
IP ACL = acl100
permit ip 10.10.100.0 255.255.255.0 10.10.100.0 255.255.255.0
Transform-sets: 3des-md5, des-md5,
Security Association Lifetime: 4500 megabytes/3600 seconds
PFS (Y/N): N
Interface using crypto map set cm100:
GigabitEthernet4/2
Remote Addr
Encr
172.22.31.166[500] 3des
172.22.91.173[500] 3des
Cisco MDS 9000 Family CLI Configuration Guide
Displaying IPsec Configurations
Hash
Auth Method
sha1
preshared key
sha1
preshared key
35-6
Lifetime
86400
86400
to 35-19.
35-31
Advertisement
Chapters
Table of Contents
Troubleshooting
