How to check ALL routing table (also the VPN routing table)

Apr 2nd, 2009
Is there a CLI command to check all the routing tables, including the IPSEC L2L ones? (If I need to configure a new L2L VPN or a new route, I need to check the whole configuration!)

With "sh ip route" I cannot see the VPN IPSEC L2L (or the C2L) routes.

Thanks to all.

John Blakley Thu, 04/02/2009 - 13:34

You're wanting to see what traffic is allowed over your tunnels? "sh ip route" will only show the routes that your router knows about, and it won't know about the routes that the other router knows about (unless you're running a routing protocol over a GRE tunnel).

You can use "sh crypt ipsec" and it will show you what networks are allowed through the tunnel.

Otherwise, there's not a command that I'm aware of that will do what you're asking. (If there is, I'm drawing a blank.)



c.captari Thu, 04/02/2009 - 23:12

If you want to have such visibility, you need to implement IPSEC with Virtual Tunnel Interfaces.

IP security (IPsec) virtual tunnel interfaces (VTIs) provide a routable interface type for terminating IPsec tunnels and an easy way to define protection between sites to form an overlay network. IPsec VTIs simplify configuration of IPsec for protection of remote links, support multicast, and simplify network management and load balancing.

Otherwise, if you stick with your existing config and want to see what is in the encryption domain:

show crypto ipsec sa
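
Added example, not part of the thread: a Python sketch that turns saved "show crypto ipsec sa" output into a route-like table of encryption domains and checks a planned remote network for overlap with existing tunnels, which is the pre-change check the original question asks for. The sample output is constructed, the function names are hypothetical, and the layout assumed is the IOS one with "local ident", "remote ident" and "current_peer" lines.

```python
import ipaddress
import re

# Constructed sample in the "show crypto ipsec sa" layout (all values made up).
SAMPLE = """\
interface: GigabitEthernet0/0
    Crypto map tag: VPNMAP, local addr 203.0.113.1

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.0.0/255.255.255.0/0/0)
   current_peer 198.51.100.7 port 500

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.5.0/255.255.255.0/0/0)
   current_peer 192.0.2.44 port 500
"""

IDENT = re.compile(r"^\s*(local|remote)\s+ident\s+\(addr/mask/prot/port\):\s+"
                   r"\(([\d.]+)/([\d.]+)/\d+/\d+\)")
PEER = re.compile(r"^\s*current_peer:?\s+([\d.]+)")

def encryption_domains(text):
    """Return [(local_net, remote_net, peer)] for every SA block in the output."""
    rows, ident = [], {}
    for line in text.splitlines():
        m = IDENT.match(line)
        if m:
            side, addr, mask = m.groups()
            ident[side] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            continue
        m = PEER.match(line)
        if m and {"local", "remote"} <= ident.keys():
            rows.append((ident["local"], ident["remote"],
                         ipaddress.ip_address(m.group(1))))
            ident = {}  # the next SA block starts with fresh selectors
    return rows

def overlaps(rows, candidate):
    """Existing tunnels whose remote network overlaps a planned remote network."""
    new = ipaddress.ip_network(candidate)
    return [r for r in rows if r[1].overlaps(new)]

if __name__ == "__main__":
    table = encryption_domains(SAMPLE)
    for local, remote, peer in table:
        print(f"{str(local):<16} -> {str(remote):<16} via peer {peer}")
    print("overlaps 172.16.0.0/16:", overlaps(table, "172.16.0.0/16"))
```

The table only covers tunnels that appear in the captured output, so compare it with "sh ip route" before adding a new route or crypto ACL entry.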

