Re: Not seeing Packets Encypted or Decrypted

HEATH FREEL · ‎09-18-2008

I used to be able to see the number of packets encypted and decrypted using the sh ipsec sa command.... I cannot see that anymore. Has anyone seen this before?

Crypto map tag: themap, seq num: 10, local addr: XXXX

access-list 130 permit ip 172.XXX 255.255.254.0 172.XXX 255.255.0.0

local ident (addr/mask/prot/port): (172.XXX/255.255.254.0/0/0)

remote ident (addr/mask/prot/port): (172.XXX/255.255.0.0/0/0)

current_peer: XXXX

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 92, #pkts comp failed: 0, #pkts decomp failed: 0

#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0

#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0

#send errors: 0, #recv errors: 0

local crypto endpt.: XXXX, remote crypto endpt.: XXXX

path mtu 1500, ipsec overhead 58, media mtu 1500

current outbound spi: 8AB4FE37

inbound esp sas:

spi: 0xF72E1976 (4146993526)

transform: esp-3des esp-sha-hmac no compression

in use settings ={L2L, Tunnel, }

slot: 0, conn_id: 126976, crypto-map: themap

sa timing: remaining key lifetime (kB/sec): (4275000/15175)

IV size: 8 bytes

replay detection support: Y

outbound esp sas:

spi: 0x8AB4FE37 (2327117367)

transform: esp-3des esp-sha-hmac no compression

in use settings ={L2L, Tunnel, }

slot: 0, conn_id: 126976, crypto-map: themap

sa timing: remaining key lifetime (kB/sec): (4274999/15167)

IV size: 8 bytes

replay detection support: Y

singhsaju · ‎09-18-2008

What device is this ? ASA? what code its running?

can you try "show crypto ipsec sa" and see if it shows counters for encrypts/decrypts?

HTH

Saju

Pls rate helpful posts

HEATH FREEL · ‎09-18-2008

Sorry - this is an ASA5580 ver 8.1(1)

I have tried all types of show commands, including details.

sh ipsec sa

sh ipsec sa det

sh crypto ipsec sa

sh crypto ipsec sa det

singhsaju · ‎09-18-2008

This could be a bug with version code. You can open TAC case to have it investigated.

HTH

Saju