cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
579
Views
0
Helpful
7
Replies

Determine phase 1 policy

droeun141
Level 1
Level 1

Is there a way to tell which one has been negotiated & is currently being used with a specific peer?

1 Accepted Solution

Accepted Solutions

This will show you the negotiated phase 1 lifetime:

show crypto mib isakmp flowmib tunnel

View solution in original post

7 Replies 7

droeun141
Level 1
Level 1

This is on a 7206VXR

"show crypto engine connections" should show you what phase 1 (IKE) policy has been negotiated.

I fumbled through the available options but didn't see the output I was looking for.  sh cry en conn dh shows some phase 1 attributes but some of my policies are identical except for the lifetimes.

Jon Marshall
Hall of Fame
Hall of Fame

droeun141 wrote:

Is there a way to tell which one has been negotiated & is currently being used with a specific peer?

Have you tried "sh crypto isakmp sa detail"  ?

Jon

Yeah I tried that one too, but it doesn't show negotiated lifetime, only remaining.

This will show you the negotiated phase 1 lifetime:

show crypto mib isakmp flowmib tunnel

Bingo! thanks guys

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: