Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How do I see show crypto ipsec sa active?

I configured static ipsec with preshared key,transform set and applied crypto isakmp policy. I see crypto ipsec sa active as follows

C1841D#sh crypto ipsec sa

interface: Serial0/1/0.300

Crypto map tag: STATICTEST, local addr 172.16.1.1

protected vrf: (none)

local ident (addr/mask/prot/port): (172.16.200.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (172.16.216.0/255.255.255.0/0/0)

current_peer 172.16.1.49 port 500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4

#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0

#pkts not decompressed: 0, #pkts decompress failed: 0

#send errors 1, #recv errors 0

local crypto endpt.: 172.16.1.1, remote crypto endpt.: 172.16.1.49

path mtu 1500, ip mtu 1500, ip mtu idb Serial0/1/0.300

current outbound spi: 0x73D9E56C(1943659884)

inbound esp sas:

spi: 0x1F8F39BA(529480122)

transform: esp-3des esp-sha-hmac ,

in use settings ={Tunnel, }

conn id: 2155, flow_id: FPGA:155, crypto map: STATICTEST

sa timing: remaining key lifetime (k/sec): (4575959/3151)

IV size: 8 bytes

replay detection support: Y

Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:

spi: 0x73D9E56C(1943659884)

transform: esp-3des esp-sha-hmac ,

in use settings ={Tunnel, }

conn id: 2156, flow_id: FPGA:156, crypto map: STATICTEST

sa timing: remaining key lifetime (k/sec): (4575959/3150)

IV size: 8 bytes

replay detection support: Y

Status: ACTIVE

outbound ah sas:

outbound pcp sas:

C1841D#

but when I cannont see any sa with the output of C1841D#sh crypto ipsec sa active

No SAs found

how is that possible?

633
Views
0
Helpful
0
Replies