07-14-2010 01:37 AM
Dear All,
please share the command to check S2S tunnel up time which is configured on the router .
Solved! Go to Solution.
07-14-2010 08:56 AM
There are commands that define the lifetimes of the ISAKMP and IPSec Security Associations (SAs).
E.g.:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto ipsec security-association lifetime seconds 3599
... and you can determine lifetime remaining for these SAs with the following commands:
sh crypto session detail
sh crypto isakmp sa detail
sh crypto ipsec sa
The delta between the configured lifetime(s), and the lifetime remaining will tell you how much time has passed since the last re-keying, but that is as close as you are likely to get in determining when the tunnel first came up.
You might use other means such as syslog to tell you when a Tunnel transitions to Up or Down state(s).
Best Regards,
Mike
07-14-2010 08:56 AM
There are commands that define the lifetimes of the ISAKMP and IPSec Security Associations (SAs).
E.g.:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto ipsec security-association lifetime seconds 3599
... and you can determine lifetime remaining for these SAs with the following commands:
sh crypto session detail
sh crypto isakmp sa detail
sh crypto ipsec sa
The delta between the configured lifetime(s), and the lifetime remaining will tell you how much time has passed since the last re-keying, but that is as close as you are likely to get in determining when the tunnel first came up.
You might use other means such as syslog to tell you when a Tunnel transitions to Up or Down state(s).
Best Regards,
Mike
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: