Encryption Evidence

Jan 29th, 2010

Hi Srini,

How can we show evidence that my data is getting encrypted over the VPN network?

I am running an IPsec VPN and I want to show evidence that the packets are getting encrypted.

One option was to show the inbound/outbound counters, but that was not very supportive.

Is there any option to show some evidence of encryption?



Collin Clark Fri, 01/29/2010 - 07:41

Try the following command-

show crypto ipsec sa

interface: Tunnel0
    Crypto map tag: vpn, local addr
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (
   remote ident (addr/mask/prot/port): (
   current_peer port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 52438988, #pkts encrypt: 52438988, #pkts digest: 52438988
    #pkts decaps: 1013823840, #pkts decrypt: 1013823840, #pkts verify: 1013823840

This is showing the number of packets this router is encrypting and decrypting with its peer.

Hope that helps.

james.bastnagel Sat, 01/30/2010 - 21:52

If that doesn't work--provide enough evidence, then run a sniffer on the outside interface of one of your VPN devices and you can show that the payload of the packets is in fact encrypted.
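
The sniffer check suggested in the reply above, as an added example that is not part of the original thread: it takes raw IPv4 packets captured on the outside interface, recognises ESP (IP protocol 50, or ESP inside UDP/4500 for NAT-T), and reports the SPI, the sequence number and the byte entropy of the payload. The function names, the SPI value and the sample packets are constructed for illustration.

```python
import hashlib, math, struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_ipv4(pkt: bytes) -> dict:
    """Summarise one raw IPv4 packet taken from the outside interface."""
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    proto, body = pkt[9], pkt[ihl:]
    # NAT-T carries ESP in UDP/4500; four zero bytes after UDP mean IKE instead
    if proto == 17 and len(body) >= 12:
        sport, dport = struct.unpack("!HH", body[:4])
        if 4500 in (sport, dport) and body[8:12] != b"\x00" * 4:
            proto, body = 50, body[8:]
    if proto == 50 and len(body) >= 8:     # ESP: SPI, sequence number, then payload
        spi, seq = struct.unpack("!II", body[:8])
        return {"esp": True, "spi": spi, "seq": seq, "entropy": entropy(body[8:])}
    return {"esp": False, "entropy": entropy(body)}

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

# Constructed samples: hash output stands in for ciphertext, HTTP text for cleartext.
FAKE_CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
ESP_PKT = ipv4(50, struct.pack("!II", 0x1234ABCD, 7) + FAKE_CIPHERTEXT)
NATT_PKT = ipv4(17, struct.pack("!HHHH", 4500, 4500, 16 + len(FAKE_CIPHERTEXT), 0)
                + struct.pack("!II", 0x1234ABCD, 8) + FAKE_CIPHERTEXT)
CLEAR_PKT = ipv4(6, bytes(20) + b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 10)

if __name__ == "__main__":
    for name, pkt in (("esp", ESP_PKT), ("nat-t", NATT_PKT), ("clear", CLEAR_PKT)):
        print(name, inspect_ipv4(pkt))
```

High entropy on its own is also what compressed data looks like, and an ESP header on its own does not rule out a null cipher, so the report is strongest when both the ESP framing and a payload entropy near 8 bits per byte appear together.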
