Cisco Support Community

New Member

How do I confirm IPSEC is working between two routers?

We are in the process of implementing IPSEC on our premise routers; what is the best way of verifying that IPSEC is working properly? What are the best IOS commands to verify IPSEC is working? If IPSEC is working properly, can I still ping routers in the middle that don't have IPSEC installed? What visible commands/actions will I be able to observe once I have IPSEC configured properly?

Also, before we deploy IPSEC on the operational routers, what tests can we use in-house to verify connectivity will be the same as in the operational environment?

So far we plan to test IPSEC between routers connected in a LAN environment, and connect together through DTE-DCE to simulate a WAN environment. Any other recommendations on how to test?

Thanks for any input.

Francino

2 REPLIES
Cisco Employee

Re: How do I confirm IPSEC is working between two routers?

Hi Francino,

You can use the following commands to verify that IPSec is running/working between two end devices:

show crypto ipsec sa

show crypto engine connection active

You will see if the IPSec SAs have been established and if the traffic is getting encrypted/decrypted at the end points.

Additionally, you should be able to ping any devices in the middle which have routable IP addresses even if they are not running any IPSec on them.

Hope this helps,

Regards,

Aamir Waheed,

Cisco Systems, Inc.

CCIE#8933

-=-=-
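The check described in the reply above, as an added example that is not part of the original thread: capture `show crypto ipsec sa` before and after sending test traffic through the tunnel, then confirm that an ESP SA pair exists and that the encaps/decaps counters moved. The sample output is constructed, the function names are hypothetical, and the parser assumes a single SA block for one peer.

```python
import re

# Constructed sample: trimmed "show crypto ipsec sa" output for one peer.
# Addresses, counters and SPIs are made up for illustration.
BEFORE = """\
interface: Serial0/0
    Crypto map tag: VPN, local addr 10.0.0.1
   local  ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
   current_peer 10.0.0.2 port 500
    #pkts encaps: 10, #pkts encrypt: 10, #pkts digest: 10
    #pkts decaps: 8, #pkts decrypt: 8, #pkts verify: 8
    #send errors 0, #recv errors 0
     inbound esp sas:
      spi: 0x1A2B3C4D(439041101)
     outbound esp sas:
      spi: 0x5E6F7081(1584361601)
"""
# Same SA after 5 pings crossed the tunnel and were answered.
AFTER = BEFORE.replace(": 10", ": 15").replace(": 8", ": 13")

def parse_sa(text):
    """Pull the counters and ESP SPIs out of one SA block."""
    def num(pattern):
        m = re.search(pattern, text)
        return int(m.group(1)) if m else 0
    return {
        "encaps": num(r"#pkts encaps:\s*(\d+)"),
        "decaps": num(r"#pkts decaps:\s*(\d+)"),
        "errors": num(r"#send errors\s+(\d+)") + num(r"#recv errors\s+(\d+)"),
        "in_spi": re.findall(r"inbound esp sas:\s+spi:\s*(0x[0-9A-Fa-f]+)", text),
        "out_spi": re.findall(r"outbound esp sas:\s+spi:\s*(0x[0-9A-Fa-f]+)", text),
    }

def tunnel_problems(before, after):
    """Compare two snapshots; an empty list means the tunnel carried traffic."""
    b, a = parse_sa(before), parse_sa(after)
    problems = []
    if not (a["in_spi"] and a["out_spi"]):
        problems.append("no inbound/outbound ESP SA pair")
    if a["encaps"] <= b["encaps"]:
        problems.append("encaps did not increase: outbound traffic not encrypted")
    if a["decaps"] <= b["decaps"]:
        problems.append("decaps did not increase: no encrypted traffic received")
    if a["errors"] > b["errors"]:
        problems.append("send/recv errors increased")
    return problems

if __name__ == "__main__":
    print(tunnel_problems(BEFORE, AFTER) or "IPSec SA is passing traffic")
```

Encaps rising while decaps stays flat means traffic is leaving encrypted but nothing encrypted is coming back, which points at the far end or the return path rather than the local configuration.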

New Member

Re: How do I confirm IPSEC is working between two routers?

Thanks Aamir!
