How do I see show crypto ipsec sa active?

Unanswered Question
Feb 27th, 2008
User Badges:

I configured static ipsec with preshared key,transform set and applied crypto isakmp policy. I see crypto ipsec sa active as follows


C1841D#sh crypto ipsec sa


interface: Serial0/1/0.300

Crypto map tag: STATICTEST, local addr 172.16.1.1


protected vrf: (none)

local ident (addr/mask/prot/port): (172.16.200.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (172.16.216.0/255.255.255.0/0/0)

current_peer 172.16.1.49 port 500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4

#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0

#pkts not decompressed: 0, #pkts decompress failed: 0

#send errors 1, #recv errors 0


local crypto endpt.: 172.16.1.1, remote crypto endpt.: 172.16.1.49

path mtu 1500, ip mtu 1500, ip mtu idb Serial0/1/0.300

current outbound spi: 0x73D9E56C(1943659884)


inbound esp sas:

spi: 0x1F8F39BA(529480122)

transform: esp-3des esp-sha-hmac ,

in use settings ={Tunnel, }

conn id: 2155, flow_id: FPGA:155, crypto map: STATICTEST

sa timing: remaining key lifetime (k/sec): (4575959/3151)

IV size: 8 bytes

replay detection support: Y

Status: ACTIVE


inbound ah sas:


inbound pcp sas:


outbound esp sas:

spi: 0x73D9E56C(1943659884)

transform: esp-3des esp-sha-hmac ,

in use settings ={Tunnel, }

conn id: 2156, flow_id: FPGA:156, crypto map: STATICTEST

sa timing: remaining key lifetime (k/sec): (4575959/3150)

IV size: 8 bytes

replay detection support: Y

Status: ACTIVE


outbound ah sas:


outbound pcp sas:

C1841D#


but when I cannont see any sa with the output of C1841D#sh crypto ipsec sa active


No SAs found

how is that possible?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion