I've got VPN built successfully over a few places and now I want to check what is the actual total lifetime and lifesize of my phase 2 connection. I know the command we should use is "show crypto ipsec sa" but it only shows me the remaining lifetime.
I know if we don't define the lifetime on ASA, it will take 8 hours as the default. But what if I want to know what's the actual maximum lifetime and lifesize of my current VPN? Is it possible? Any feedback would be appreciated. Thanks.
I would assume that typically the Phase2 lifetime values are configured identically on the VPN peer devices, which should tell you what the values are. I can't remember at the moment without checking which value was chosen if the peers have different configurations.
So I guess this situation refers to ASA?
You could try the following commands:
show vpn-sessiondb detail l2l filter ip address
show vpn-sessiondb detail l2l | begin
I have experienced some problems with the first command in some software, which results in an error message that says no such connections are active on the ASA even though there are.
The second command is just an option to show the same with a different format of the command.
If we were looking into a situation with a Cisco router, I think most commands would show the output like you mention above.
show crypto ipsec sa peer detail
show crypto session remote detail
The following command on a Cisco router seems to list the configured values on your device, but again it might not be the ones used if there is a difference between the VPN peers' configurations. To my understanding at least.
show crypto map
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.