sh cry ips sa

interface: FastEthernet1/1
    Crypto map tag: beijing_cm, local addr. 218.247.122.126

   protected vrf:
   local ident (addr/mask/prot/port): (172.16.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.60.15.0/255.255.255.0/0/0)
   current_peer: 61.148.20.120:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 34, #pkts decrypt: 34, #pkts verify 34
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 218.247.122.126, remote crypto endpt.: 61.148.20.120
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet1/1
     current outbound spi: 14C00143

     inbound esp sas:
      spi: 0xC906DC47(3372670023)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 1960, flow_id: 1, crypto map: beijing_cm
        sa timing: remaining key lifetime (k/sec): (4484632/3505)
        IV size: 8 bytes
        replay detection support: Y

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x14C00143(348127555)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 1961, flow_id: 2, crypto map: beijing_cm
        sa timing: remaining key lifetime (k/sec): (4484636/3504)
        IV size: 8 bytes
        replay detection support: Y

     outbound ah sas:

     outbound pcp sas:

   protected vrf:
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.60.8.10/255.255.255.255/0/0)
   current_peer: 220.205.47.220:500
     PERMIT, flags={}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 13, #pkts decrypt: 13, #pkts verify 13
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 218.247.122.126, remote crypto endpt.: 220.205.47.220
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet1/1
     current outbound spi: 65016B19

     inbound esp sas:
      spi: 0xF2F3F9FD(4076075517)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 1962, flow_id: 3, crypto map: beijing_cm
        sa timing: remaining key lifetime (k/sec): (4532453/3531)
        IV size: 8 bytes
        replay detection support: Y

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x65016B19(1694591769)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 1963, flow_id: 4, crypto map: beijing_cm
        sa timing: remaining key lifetime (k/sec): (4532455/3529)
        IV size: 8 bytes
        replay detection support: Y

     outbound ah sas:

     outbound pcp sas:

Beijing# deb cry
Beijing# deb crypto ips sa
^
% Invalid input detected at '^' marker.

Beijing# deb crypto ips sa
Crypto IPSEC debugging is on
Beijing#
Beijing#clear cry sa
Beijing#
*Mar 1 00:11:09.207: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 218.247.122.126, sa_prot= 50,
    sa_spi= 0xC906DC47(3372670023),
    sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1960
*Mar 1 00:11:09.207: IPSEC(add_sa): have new SAs -- expire existing in 30 sec.,
  (sa) sa_dest= 61.148.20.120, sa_prot= 50,
    sa_spi= 0x14C00143(348127555),
    sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1961,
  (identity) local= 218.247.122.126, remote= 61.148.20.120,
    local_proxy= 172.16.0.0/255.255.0.0/0/0 (type=4),
    remote_proxy= 10.60.15.0/255.255.255.0/0/0 (type=4)
*Mar 1 00:11:09.207: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 61.148.20.120, sa_prot= 50,
    sa_spi= 0x14C00143(348127555),
    sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1961
*Mar 1 00:11:09.207: IPSEC(rte_mgr): VPN Route Removed 10.60.8.10 255.255.255.255 via 220.205.47.220 in IP DEFAULT TABLE
*Mar 1 00:11:09.211: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 218.247.122.126, sa_prot= 50,
    sa_spi= 0xF2F3F9FD(4076075517),
    sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1962
*Mar 1 00:11:09.211: IPSEC(add_sa): have new SAs -- expire existing in 30 sec.,
  (sa) sa_dest= 220.205.47.220, sa_prot= 50,
    sa_spi= 0x65016B19(1694591769),
    sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1963,
  (identity) local= 218.247.122.126, remote= 220.205.47.220,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 10.60.8.10/255.255.255.255/0/0 (type=1)
*Mar 1 00:11:09.211: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 220.205.47.220, sa_prot= 50,
    sa_spi= 0x65016B19(1694591769),
    sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1963
*Mar 1 00:11:09.875: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=218.247.122.126, prot=50, spi=0xC906DC47(-922297273), srcaddr=61.148.20.120
*Mar 1 00:11:13.891: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= 218.247.122.126, remote= 61.148.20.120,
    local_proxy= 172.16.0.0/255.255.0.0/0/0 (type=4),
    remote_proxy= 10.60.15.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Mar 1 00:11:13.891: IPSEC(kei_proxy): head = beijing_cm, map->ivrf = , kei->ivrf =
*Mar 1 00:11:13.891: IPSEC(key_engine): got a queue event...
*Mar 1 00:11:13.891: IPSEC(spi_response): getting spi 886218320 for SA
        from 218.247.122.126 to 61.148.20.120 for prot 3
*Mar 1 00:11:14.179: %CRYPTO-4-IPSEC_AAA_START_FAILURE: IPSEC Accounting was unable to send start record
*Mar 1 00:11:14.179: IPSEC(key_engine): got a queue event...
*Mar 1 00:11:14.179: IPSEC(initialize_sas): ,
  (key eng. msg.) INBOUND local= 218.247.122.126, remote= 61.148.20.120,
    local_proxy= 172.16.0.0/255.255.0.0/0/0 (type=4),
    remote_proxy= 10.60.15.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
    lifedur= 3600s and 4608000kb,
    spi= 0x34D29E50(886218320), conn_id= 1960, keysize= 0, flags= 0x2
*Mar 1 00:11:14.179: IPSEC(initialize_sas): ,
  (key eng. msg.) OUTBOUND local= 218.247.122.126, remote= 61.148.20.120,
    local_proxy= 172.16.0.0/255.255.0.0/0/0 (type=4),
    remote_proxy= 10.60.15.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
    lifedur= 3600s and 4608000kb,
    spi= 0x2134000A(557056010), conn_id= 1961, keysize= 0, flags= 0xA
*Mar 1 00:11:14.183: IPSEC(kei_proxy): head = beijing_cm, map->ivrf = , kei->ivrf =
*Mar 1 00:11:14.183: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 61.148.20.120
*Mar 1 00:11:14.183: IPSEC(add mtree): src 172.16.0.0, dest 10.60.15.0, dest_port 0
*Mar 1 00:11:14.183: IPSEC(create_sa): sa created,
  (sa) sa_dest= 218.247.122.126, sa_prot= 50,
    sa_spi= 0x34D29E50(886218320),
    sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1960
*Mar 1 00:11:14.183: IPSEC(create_sa): sa created,
  (sa) sa_dest= 61.148.20.120, sa_prot= 50,
    sa_spi= 0x2134000A(557056010),
    sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1961
*Mar 1 00:11:14.255: IPSEC(key_engine): got a queue event...
*Mar 1 00:11:14.255: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
*Mar 1 00:11:14.255: IPSEC(key_engine_enable_outbound): enable SA with spi 557056010/50 for 61.148.20.120
Beijing#
Beijing#
%CRYPTO-4-IPSEC_AAA_START_FAILURE: IPSEC Accounting was unable to send