Determine phase 1 policy

Answered Question
Apr 8th, 2010

Is there a way to tell which one has been negotiated & is currently being used with a specific peer?

Jennifer Halim Thu, 04/08/2010 - 04:06

"show crypto engine connections" should show you what phase 1 (IKE) policy has been negotiated.

droeun141 Thu, 04/08/2010 - 04:20

I fumbled through the available options but didn't see the output I was looking for. "sh cry en conn dh" shows some phase 1 attributes, but some of my policies are identical except for the lifetimes.

Jon Marshall Thu, 04/08/2010 - 04:11

droeun141 wrote:


Is there a way to tell which one has been negotiated & is currently being used with a specific peer?


Have you tried "sh crypto isakmp sa detail"?


Jon

droeun141 Thu, 04/08/2010 - 04:22

Yeah I tried that one too, but it doesn't show negotiated lifetime, only remaining.

Correct Answer
Jennifer Halim Thu, 04/08/2010 - 04:37

This will show you the negotiated phase 1 lifetime:

show crypto mib isakmp flowmib tunnel
