Encryption Evidence

ydcnetwork
Level 1

Hi Srini,

How can we show evidence that my data is getting encrypted over the VPN network?

I am running an IPsec VPN and I want to show evidence that the packets are getting encrypted.

One option was to show the inbound/outbound counters, but that was not very supportive.

Is there any option to show some evidence of encryption?

Thanks

Gopi

3 Replies

Collin Clark
VIP Alumni

Try the following command:

show crypto ipsec sa

interface: Tunnel0
    Crypto map tag: vpn, local addr 69.222.73.2

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (69.222.73.2/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (69.222.73.1/255.255.255.255/47/0)
   current_peer 69.222.73.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 52438988, #pkts encrypt: 52438988, #pkts digest: 52438988
    #pkts decaps: 1013823840, #pkts decrypt: 1013823840, #pkts verify: 1013823840

This is showing the number of packets this router is encrypting and decrypting with its peer.

Hope that helps.
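
One way to turn these counters into evidence for a specific test window, added here as an example and not part of the original post: capture `show crypto ipsec sa` before and after sending traffic, then compare the per-peer deltas. The second capture's values and the function names are constructed for illustration.

```python
import re

# Constructed sample: two captures of `show crypto ipsec sa`. BEFORE uses the
# counters shown in the post; AFTER is made up (1200 sent, 2500 received later).
BEFORE = """\
interface: Tunnel0
    Crypto map tag: vpn, local addr 69.222.73.2
   current_peer 69.222.73.1 port 500
    #pkts encaps: 52438988, #pkts encrypt: 52438988, #pkts digest: 52438988
    #pkts decaps: 1013823840, #pkts decrypt: 1013823840, #pkts verify: 1013823840
"""
AFTER = BEFORE.replace("52438988", "52440188").replace("1013823840", "1013826340")

PEER = re.compile(r"current_peer (\S+)")
COUNTER = re.compile(r"#pkts (\w+): (\d+)")

def parse_sa(text):
    """Return {peer: {counter_name: value}} from `show crypto ipsec sa` output."""
    peers, current = {}, None
    for line in text.splitlines():
        m = PEER.search(line)
        if m:
            current = peers.setdefault(m.group(1), {})
        elif current is not None:
            current.update((k, int(v)) for k, v in COUNTER.findall(line))
    return peers

def encryption_evidence(before, after):
    """Per peer: packets handled between captures and whether all were encrypted."""
    old, new = parse_sa(before), parse_sa(after)
    report = {}
    for peer, now in new.items():
        prev = old.get(peer, {})
        d = {k: v - prev.get(k, 0) for k, v in now.items()}
        if any(v < 0 for v in d.values()):
            # Counters went backwards, so the two captures cannot be compared.
            report[peer] = {"valid": False, "reason": "counters reset between captures"}
            continue
        sent, enc = d.get("encaps", 0), d.get("encrypt", 0)
        rcvd, dec = d.get("decaps", 0), d.get("decrypt", 0)
        report[peer] = {
            "valid": True, "sent": sent, "sent_encrypted": enc,
            "received": rcvd, "received_decrypted": dec,
            # Evidence holds only if traffic flowed and none bypassed encryption.
            "all_encrypted": sent == enc > 0 and rcvd == dec,
        }
    return report

if __name__ == "__main__":
    print(encryption_evidence(BEFORE, AFTER))
```

Generate known traffic across the tunnel between the two captures so the deltas can be matched to the test.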

Collin says it all with a command!

If that doesn't work (provide enough evidence), then run a sniffer on the outside interface of one of your VPN devices and you can show that the payload of the packets is in fact encrypted.

On Fri, Jan 29, 2010 at 5:01 PM, pudawat
