Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Not seeing Packets Encypted or Decrypted

I used to be able to see the number of packets encypted and decrypted using the sh ipsec sa command.... I cannot see that anymore. Has anyone seen this before?

Crypto map tag: themap, seq num: 10, local addr: XXXX

access-list 130 permit ip 172.XXX 255.255.254.0 172.XXX 255.255.0.0

local ident (addr/mask/prot/port): (172.XXX/255.255.254.0/0/0)

remote ident (addr/mask/prot/port): (172.XXX/255.255.0.0/0/0)

current_peer: XXXX

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 92, #pkts comp failed: 0, #pkts decomp failed: 0

#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0

#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0

#send errors: 0, #recv errors: 0

local crypto endpt.: XXXX, remote crypto endpt.: XXXX

path mtu 1500, ipsec overhead 58, media mtu 1500

current outbound spi: 8AB4FE37

inbound esp sas:

spi: 0xF72E1976 (4146993526)

transform: esp-3des esp-sha-hmac no compression

in use settings ={L2L, Tunnel, }

slot: 0, conn_id: 126976, crypto-map: themap

sa timing: remaining key lifetime (kB/sec): (4275000/15175)

IV size: 8 bytes

replay detection support: Y

outbound esp sas:

spi: 0x8AB4FE37 (2327117367)

transform: esp-3des esp-sha-hmac no compression

in use settings ={L2L, Tunnel, }

slot: 0, conn_id: 126976, crypto-map: themap

sa timing: remaining key lifetime (kB/sec): (4274999/15167)

IV size: 8 bytes

replay detection support: Y

3 REPLIES
Silver

Re: Not seeing Packets Encypted or Decrypted

What device is this ? ASA? what code its running?

can you try "show crypto ipsec sa" and see if it shows counters for encrypts/decrypts?

HTH

Saju

Pls rate helpful posts

New Member

Re: Not seeing Packets Encypted or Decrypted

Sorry - this is an ASA5580 ver 8.1(1)

I have tried all types of show commands, including details.

sh ipsec sa

sh ipsec sa det

sh crypto ipsec sa

sh crypto ipsec sa det

Silver

Re: Not seeing Packets Encypted or Decrypted

This could be a bug with version code. You can open TAC case to have it investigated.

HTH

Saju

114
Views
0
Helpful
3
Replies