
New Member

Encryption Evidence

Hi Srini,

How can we show evidence that my data is getting encrypted over the VPN network?

I am running an IPsec VPN and I want to show evidence that the packets are getting encrypted.

One option was to show the inbound/outbound counters, but that was not very supportive.

Is there any option to show some evidence of encryption?

Thanks

Gopi

3 REPLIES

Re: Encryption Evidence

Try the following command:

show crypto ipsec sa

interface: Tunnel0
    Crypto map tag: vpn, local addr 69.222.73.2
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (69.222.73.2/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (69.222.73.1/255.255.255.255/47/0)
   current_peer 69.222.73.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 52438988, #pkts encrypt: 52438988, #pkts digest: 52438988
    #pkts decaps: 1013823840, #pkts decrypt: 1013823840, #pkts verify: 1013823840

This is showing the number of packets this router is encrypting and decrypting with its peer.

Hope that helps.

New Member

Re: Encryption Evidence

Colin says it all with a command!

New Member

Re: Encryption Evidence

If that doesn't work (provide enough evidence), then run a sniffer on the outside interface of one of your VPN devices and you can show that the payload of the packets is in fact encrypted.

On Fri, Jan 29, 2010 at 5:01 PM, pudawat
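The sniffer check suggested in the last reply, as an added example that is not part of the original thread: given raw IPv4 packets captured on the outside interface, it reports whether each one is ESP (IP protocol 50, or ESP-in-UDP on port 4500), pulls the SPI and sequence number from the ESP header, and measures payload entropy. The function names, the SPI value and both sample packets are constructed for illustration; real input would come from a packet capture.

```python
import hashlib
import math
import struct
from collections import Counter

ESP_PROTO, UDP_PROTO, NAT_T_PORT = 50, 17, 4500

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_ipv4(packet: bytes) -> dict:
    """Classify one raw IPv4 packet captured on the outside interface."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    proto, body = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == UDP_PROTO and len(body) >= 12:
        sport, dport = struct.unpack("!HH", body[:4])
        # ESP-in-UDP (NAT-T): four zero bytes after the UDP header mean IKE, not ESP
        if NAT_T_PORT in (sport, dport) and body[8:12] != b"\x00" * 4:
            proto, body = ESP_PROTO, body[8:]
    if proto != ESP_PROTO or len(body) < 8:
        return {"esp": False, "proto": proto, "entropy": shannon_entropy(body)}
    spi, seq = struct.unpack("!II", body[:8])  # ESP header: SPI, sequence number
    return {"esp": True, "spi": hex(spi), "seq": seq,
            "entropy": shannon_entropy(body[8:])}

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed IPv4 packet between the two peers shown in the thread."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([69, 222, 73, 2]), bytes([69, 222, 73, 1])) + payload

# Constructed samples: hash output stands in for ciphertext, ASCII for cleartext GRE (47).
FAKE_CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
ESP_SAMPLE = ipv4(ESP_PROTO, struct.pack("!II", 0x1A2B3C4D, 7) + FAKE_CIPHERTEXT)
CLEAR_SAMPLE = ipv4(47, b"GET /index.html HTTP/1.1\r\nHost: example\r\n" * 12)

if __name__ == "__main__":
    for name, pkt in (("esp", ESP_SAMPLE), ("clear", CLEAR_SAMPLE)):
        print(name, inspect_ipv4(pkt))
```

The SPI reported for a captured packet can be matched against the SPI the router lists for the same security association, which ties the capture to the tunnel. An ESP packet whose payload entropy is low points at null encryption rather than a real cipher.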
