Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
971
Views
0
Helpful
1
Replies

Show crypto ipsec sa

illusion_rox
Level 1
Level 1

‎06-07-2009 08:39 PM - edited ‎02-21-2020 04:15 PM

Hi all. I have applied a crypto map to an interface that is shut. But when i do sh crypto ipsec sa, i can see the entry for this interface as well. Although all counters are zero but i am confused why is it showing at all ?

If i only want to see active interfaces which are actually passing the traffic how can i see them ? is there anyway to exclude interfaces that are not active ?

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-09-2009 12:52 AM

There are a number of parameters avaialble in the 'show crypto ipsec sa' command to filter the output:

show crypto ipsec sa ?

address IPSEC SA table in (dest) address order

detail show counter detail

identity IPSEC SADB identity tree

interface Show info for specific interface

ipv6 Show IPv6 crypto IPsec SA info

map IPSEC SA table for a specific crypto map

peer Show peer sas

vrf VRF Routing/Forwarding instance

| Output modifiers

Also you can do something like

show crypto ipsec sa | include interface|tag|ident|encr|decr

Regards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents