Router firewall ios commands

Answered Question
Aug 2nd, 2007

In order to troubleshoot problems resulting from an issue with a VPN connection where the router contains a firewall IOS, knowing the correct commands is essential. What are the proper commands that should be used in displaying information related to VPN problems? For example, on a PIX, commands such as show conn, show isa sa, show ipsec sa, sh xlate, etc. help in determining issues. What are some commands that are the equivalent to these, and what others can be used on a router that has a firewall IOS?

Correct Answer by sundar.palaniappan about 9 years 10 months ago

Have a look at this link to learn more about the Cisco IOS Firewall.


mattiaseriksson Thu, 08/02/2007 - 11:47

To troubleshoot VPN problems in IOS, I think the best show commands are:

show crypto isakmp sa: Shows ISAKMP security associations (SAs) built between peers.

show crypto ipsec sa: Shows IPsec SAs built between peers.

show crypto engine connection active: Shows every SA built and the amount of traffic sent.

Debug commands:

debug crypto isakmp

debug crypto ipsec
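
As an added example (not part of the original thread), this Python script parses "show crypto isakmp sa" output and lists the peers whose phase 1 SA has not reached QM_IDLE, which are the ones worth following up with the debug commands above. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of "show crypto isakmp sa" output (documentation addresses).
SAMPLE = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
192.0.2.1       198.51.100.10   QM_IDLE           1001    0 ACTIVE
192.0.2.1       198.51.100.20   MM_NO_STATE          0    0 ACTIVE (deleted)
192.0.2.1       198.51.100.30   MM_KEY_EXCH       1003    0 ACTIVE
"""

# IKE phase 1 states shown in the "state" column.
STATE_MEANING = {
    "QM_IDLE": "phase 1 complete, SA authenticated and idle",
    "MM_NO_STATE": "main mode, SA created but nothing negotiated yet",
    "MM_SA_SETUP": "main mode, SA parameters agreed",
    "MM_KEY_EXCH": "main mode, DH keys exchanged, peer not yet authenticated",
    "MM_KEY_AUTH": "main mode, peer authenticated",
    "AG_NO_STATE": "aggressive mode, SA created but nothing negotiated yet",
    "AG_INIT_EXCH": "aggressive mode, first exchange done, not yet authenticated",
    "AG_AUTH": "aggressive mode, peer authenticated",
}

# An SA row starts with two IPv4 addresses, then the state and the conn-id.
ROW = re.compile(r"^(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+([A-Z_]+)\s+(\d+)")

def parse_isakmp_sa(text):
    """Return one dict per SA row; header and blank lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            dst, src, state, conn_id = m.groups()
            sas.append({"dst": dst, "src": src, "state": state, "conn_id": int(conn_id)})
    return sas

def not_idle(sas):
    """SAs that have not reached QM_IDLE."""
    return [sa for sa in sas if sa["state"] != "QM_IDLE"]

if __name__ == "__main__":
    for sa in not_idle(parse_isakmp_sa(SAMPLE)):
        meaning = STATE_MEANING.get(sa["state"], "unknown state")
        print(f'{sa["src"]} -> {sa["dst"]}: {sa["state"]} ({meaning})')
```

An SA can pass through the intermediate states briefly during a normal negotiation, so run the check more than once before treating a peer as stuck.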

nextccie08 Thu, 08/02/2007 - 16:30

Thanks, that is a start. However, are there any commands that are the equivalent or similar to PIX commands such as show conn, show count, show xlate, etc.?

mattiaseriksson Fri, 08/03/2007 - 00:23

sh conn = sh ip inspect session

sh count = sh ip traffic

sh xlate = sh ip nat translations

nextccie08 Fri, 08/03/2007 - 04:22

Thanks for all the info. This will help a great deal in the future. Lastly, is there a link for more in-depth features regarding firewall IOSes?

jerrytozhang Fri, 08/03/2007 - 05:30

The following is my favorite command if you have a 2800/3800 router with a VPN accelerator module.

show crypto engine accelerator statistic
