Cisco Support Community

identify connected VPN

Hello, is there any command that can show the number of VPN connections to the PIX firewall, the IP addresses it has leased to these connections, and the source IP, like "show ssh session" will do?

Thanks

D.

1 ACCEPTED SOLUTION


Re: identify connected VPN

"sh crypto ipsec sa" will provide the required info. However, it provides many other statistics as well, which may not be required.

e.g.

    pix# sh cry ips sa
    interface: outside
    Crypto map tag: csgvpn, local addr.
    local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
    remote ident (addr/mask/prot/port): (/255.255.255.255/0/0)
    current_peer: 220.233.111.107:4500
    dynamic allocated peer ip:
    PERMIT, flags={transport_parent,}
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest 4
    #pkts decaps: 4, #pkts decrypt: 4, #pkts verify 4
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
    local crypto endpt.: , remote crypto endpt.:
    path mtu 1500, ipsec overhead 64, media mtu 1500
    current outbound spi: 4262e8b6
    inbound esp sas:
    spi: 0x26a0e09f(648077471)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel UDP-Encaps, }
    slot: 0, conn id: 6, crypto map: csgvpn
    sa timing: remaining key lifetime (k/sec): (4607999/28720)
    IV size: 8 bytes
    replay detection support: Y
    inbound ah sas:
    inbound pcp sas:
    outbound esp sas:
    spi: 0x4262e8b6(1113778358)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel UDP-Encaps, }
    slot: 0, conn id: 5, crypto map: csgvpn
    sa timing: remaining key lifetime (k/sec): (4607999/28702)
    IV size: 8 bytes
    replay detection support: Y
    inbound ah sas:
    outbound ah sas:
    outbound pcp sas:
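
An added example, not part of the original reply and not a Cisco tool: a small Python parser that reduces saved "sh crypto ipsec sa" output to what the question asks for (tunnel count, source peer, leased address) and skips the other statistics. The function name `summarize` and the sample text are constructed for illustration, and the parser assumes each "local ident" line opens a new tunnel entry, as in the output above.

```python
import re

# Constructed sample in the format shown above (documentation addresses);
# the second entry has the blank fields seen in the redacted output in the post.
SAMPLE = """\
interface: outside
Crypto map tag: csgvpn, local addr. 192.0.2.1
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.10.10.1/255.255.255.255/0/0)
current_peer: 198.51.100.7:4500
dynamic allocated peer ip: 10.10.10.1
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify 4
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (/255.255.255.255/0/0)
current_peer: 203.0.113.9:500
dynamic allocated peer ip:
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 9, #pkts decrypt: 9, #pkts verify 9
"""

FIELDS = {
    "source": re.compile(r"current_peer:\s*(\S+)"),
    "leased_ip": re.compile(r"dynamic allocated peer ip:\s*(\S+)"),
    "remote_ident": re.compile(r"remote ident[^:]*:\s*\(([^/)]+)/"),
    "encaps": re.compile(r"#pkts encaps:\s*(\d+)"),
    "decaps": re.compile(r"#pkts decaps:\s*(\d+)"),
}

def summarize(output):
    """Return one dict per tunnel; a blank or missing field stays None."""
    tunnels = []
    for line in output.splitlines():
        if line.lstrip().startswith("local ident"):
            tunnels.append(dict.fromkeys(FIELDS))
        for name, rx in FIELDS.items():
            m = rx.search(line)
            if m and tunnels:
                v = m.group(1)
                tunnels[-1][name] = int(v) if v.isdigit() else v
    return tunnels

if __name__ == "__main__":
    rows = summarize(SAMPLE)
    print(f"{len(rows)} tunnel(s)")
    for r in rows:
        print(r["source"], r["leased_ip"] or r["remote_ident"] or "-", r["encaps"], r["decaps"])
```

A tunnel whose decaps counter climbs while encaps stays at 0, as in the second constructed entry, is receiving traffic but sending none back, which is worth checking when auditing connected peers.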
