Not seeing Packets Encypted or Decrypted

Unanswered Question
Sep 18th, 2008
User Badges:

I used to be able to see the number of packets encypted and decrypted using the sh ipsec sa command.... I cannot see that anymore. Has anyone seen this before?

Crypto map tag: themap, seq num: 10, local addr: XXXX


access-list 130 permit ip 172.XXX 255.255.254.0 172.XXX 255.255.0.0

local ident (addr/mask/prot/port): (172.XXX/255.255.254.0/0/0)

remote ident (addr/mask/prot/port): (172.XXX/255.255.0.0/0/0)

current_peer: XXXX


#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 92, #pkts comp failed: 0, #pkts decomp failed: 0

#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0

#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0

#send errors: 0, #recv errors: 0


local crypto endpt.: XXXX, remote crypto endpt.: XXXX


path mtu 1500, ipsec overhead 58, media mtu 1500

current outbound spi: 8AB4FE37


inbound esp sas:

spi: 0xF72E1976 (4146993526)

transform: esp-3des esp-sha-hmac no compression

in use settings ={L2L, Tunnel, }

slot: 0, conn_id: 126976, crypto-map: themap

sa timing: remaining key lifetime (kB/sec): (4275000/15175)

IV size: 8 bytes

replay detection support: Y

outbound esp sas:

spi: 0x8AB4FE37 (2327117367)

transform: esp-3des esp-sha-hmac no compression

in use settings ={L2L, Tunnel, }

slot: 0, conn_id: 126976, crypto-map: themap

sa timing: remaining key lifetime (kB/sec): (4274999/15167)

IV size: 8 bytes

replay detection support: Y


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
singhsaju Thu, 09/18/2008 - 10:46
User Badges:
  • Silver, 250 points or more

What device is this ? ASA? what code its running?


can you try "show crypto ipsec sa" and see if it shows counters for encrypts/decrypts?


HTH

Saju

Pls rate helpful posts

HEATH FREEL Thu, 09/18/2008 - 10:48
User Badges:

Sorry - this is an ASA5580 ver 8.1(1)


I have tried all types of show commands, including details.


sh ipsec sa

sh ipsec sa det

sh crypto ipsec sa

sh crypto ipsec sa det


singhsaju Thu, 09/18/2008 - 12:46
User Badges:
  • Silver, 250 points or more

This could be a bug with version code. You can open TAC case to have it investigated.


HTH

Saju

Actions

This Discussion