Cisco Support Community

Cisco IPSec Verification

Hello Experts,

Can someone please take a look at my configuration on datacenter, R222 and R223 and let me know how to verify that traffic is being encrypted between R223 and datacenter?

I know that traffic is being encrypted between the datacenter and R222 and R223 and R222, but I don't think traffic is being encrypted between datacenter and R223.

Cheers

Carlton


Hi carltonpatterson 

You can check the tunnel between datacenter and R223 with the command "show crypto ipsec sa".

 

If you see the following output: 

    #pkts encaps: 289, #pkts encrypt: 289, #pkts digest: 289
    #pkts decaps: 290, #pkts decrypt: 290, #pkts verify: 290

Those encaps, decaps, encrypts and decrypts mean the traffic flowing through the IPsec tunnel is being encrypted.

 

You can do the following test: 

 

1. Clear the encaps / decaps with the command "Clear crypto ipsec sa"

   WARNING: THIS WILL BRING DOWN THE TUNNEL FOR A FEW SECONDS

2. Send traffic over the tunnel with a ping or any type of traffic.

3. Do a "Show crypto ipsec sa" and see if the encaps and decaps increment. 

 

- Hope this helps - 
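Added example, not part of the original reply: a Python sketch of the counter comparison described in the steps above, taking one capture of "show crypto ipsec sa" before the test ping and one after, and reporting per peer whether the encrypt/decrypt counters moved. It assumes the captures include the `current_peer` line that IOS prints above each counter block; the function names, peer addresses and sample output are constructed for illustration.

```python
import re

PEER_RE = re.compile(r"current_peer\s+(\S+)")
COUNTER_RE = re.compile(r"#pkts (encaps|encrypt|digest|decaps|decrypt|verify):\s*(\d+)")

def parse_sa_counters(text):
    """Return {peer: {counter: total}}; several SAs to one peer are summed."""
    peers, current = {}, None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:
            current = peers.setdefault(m.group(1), {})
        elif current is not None:
            for name, value in COUNTER_RE.findall(line):
                current[name] = current.get(name, 0) + int(value)
    return peers

def encryption_verdict(before, after, peer):
    """Compare two captures taken around a test ping for one peer."""
    b = parse_sa_counters(before).get(peer, {})
    a = parse_sa_counters(after).get(peer)
    if a is None:
        return "no SA for peer"
    sent = a.get("encrypt", 0) - b.get("encrypt", 0)
    rcvd = a.get("decrypt", 0) - b.get("decrypt", 0)
    if sent < 0 or rcvd < 0:
        return "counters were cleared between captures"
    if sent > 0 and rcvd > 0:
        return "encrypted both ways"
    if sent > 0:
        return "encrypting, but no replies decrypted"
    if rcvd > 0:
        return "decrypting, but nothing sent encrypted"
    return "test traffic did not use this SA"

# Constructed captures (documentation addresses, not from the thread).
BEFORE = """
   current_peer 192.0.2.222 port 500
    #pkts encaps: 289, #pkts encrypt: 289, #pkts digest: 289
    #pkts decaps: 290, #pkts decrypt: 290, #pkts verify: 290
   current_peer 192.0.2.223 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
AFTER = BEFORE.replace("289", "294").replace("290", "295")

if __name__ == "__main__":
    for peer in parse_sa_counters(AFTER):
        print(peer, "->", encryption_verdict(BEFORE, AFTER, peer))
```

A peer whose counters stay flat while the ping succeeds means the test traffic is reaching the far side by some path other than that SA.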

Hi,

 

Your connectivity is like this

r223 <--> r222 <--> data center

 

So if you enabled the routing updates from DC to 223 and 223 to DC, they will go via the tunnel and hence will be encrypted only. In your case, if you have 222 as hub and the other 2 sites as spokes, and if you enabled spoke-to-spoke communication, your requirement will go as encrypted.

 

Regards

Karthik
