09-18-2008 10:34 AM
I used to be able to see the number of packets encypted and decrypted using the sh ipsec sa command.... I cannot see that anymore. Has anyone seen this before?
Crypto map tag: themap, seq num: 10, local addr: XXXX
access-list 130 permit ip 172.XXX 255.255.254.0 172.XXX 255.255.0.0
local ident (addr/mask/prot/port): (172.XXX/255.255.254.0/0/0)
remote ident (addr/mask/prot/port): (172.XXX/255.255.0.0/0/0)
current_peer: XXXX
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 92, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: XXXX, remote crypto endpt.: XXXX
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 8AB4FE37
inbound esp sas:
spi: 0xF72E1976 (4146993526)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 126976, crypto-map: themap
sa timing: remaining key lifetime (kB/sec): (4275000/15175)
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0x8AB4FE37 (2327117367)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 126976, crypto-map: themap
sa timing: remaining key lifetime (kB/sec): (4274999/15167)
IV size: 8 bytes
replay detection support: Y
09-18-2008 10:46 AM
What device is this ? ASA? what code its running?
can you try "show crypto ipsec sa" and see if it shows counters for encrypts/decrypts?
HTH
Saju
Pls rate helpful posts
09-18-2008 10:48 AM
Sorry - this is an ASA5580 ver 8.1(1)
I have tried all types of show commands, including details.
sh ipsec sa
sh ipsec sa det
sh crypto ipsec sa
sh crypto ipsec sa det
09-18-2008 12:46 PM
This could be a bug with version code. You can open TAC case to have it investigated.
HTH
Saju
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: