
Phase 1 Management Tunnel - Show Command

All,

What show command will show what phase 1 parameters have been negotiated for a specific vpn tunnel on an IOS router (Model 3945, running IOS 15.1)?  The closest command I found through experimentation of show commands which will display this information is "show crypto engine connection active" but it doesn't display which crypto session id belongs to which remote crypto endpoint.

Thanks in advance for your help,

Adil

3 REPLIES

Re: Phase 1 Management Tunnel - Show Command

try debug crypto isakmp

Silver

Adil,

When you run "show crypto engine connections active" you will see an entry at the end with connection ID 1001; its type is IKE and its algorithm is SHA-3DES. It shows the parameters that are negotiated for the phase 1 tunnel with the peer 10.1.1.1. This conn-id is also reflected when you run "show crypto isakmp sa", whereas conn-ids 1 and 2 represent the phase 2 parameters negotiated. You can see these IDs under "show crypto ipsec sa" when you look at the outbound/inbound ESP SAs to verify.

Crypto Engine Connections

   ID Interface  Type  Algorithm           Encrypt  Decrypt  IP-Address
    1 Fa0/0      IPsec 3DES+SHA                  0        9  10.1.1.1
    2 Fa0/0      IPsec 3DES+SHA                  9        0  10.1.1.1
 1001 Fa0/0      IKE   SHA+3DES                  0        0  10.1.1.1

HTH
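
The mapping described in the reply above, as an added example that is not part of the original post: a short Python script that parses "show crypto engine connections active" output and groups connection IDs by remote peer, separating the phase 1 (IKE) entry from the phase 2 (IPsec) entries. It assumes the column layout shown in the reply; the function names are hypothetical, and output from other IOS releases may need a different pattern.

```python
import re
from collections import defaultdict

# Sample output taken from the reply above, not captured from a live router.
SAMPLE = """\
Crypto Engine Connections

   ID Interface  Type  Algorithm           Encrypt  Decrypt  IP-Address
    1 Fa0/0      IPsec 3DES+SHA                  0        9  10.1.1.1
    2 Fa0/0      IPsec 3DES+SHA                  9        0  10.1.1.1
 1001 Fa0/0      IKE   SHA+3DES                  0        0  10.1.1.1
"""

# One table row: ID, interface, type, algorithm, encrypt/decrypt counters, peer.
# Assumption: the algorithm column contains no spaces, as in the sample.
ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<intf>\S+)\s+(?P<type>IKE|IPsec)\s+"
    r"(?P<alg>\S+)\s+(?P<enc>\d+)\s+(?P<dec>\d+)\s+"
    r"(?P<peer>\d+\.\d+\.\d+\.\d+)\s*$"
)

def parse_connections(text):
    """Return one dict per table row; title and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("id", "enc", "dec"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def sessions_by_peer(rows):
    """Group rows by remote peer: Type IKE is phase 1, Type IPsec is phase 2."""
    peers = defaultdict(lambda: {"phase1": [], "phase2": []})
    for row in rows:
        phase = "phase1" if row["type"] == "IKE" else "phase2"
        peers[row["peer"]][phase].append(row)
    return dict(peers)

if __name__ == "__main__":
    for peer, s in sessions_by_peer(parse_connections(SAMPLE)).items():
        for r in s["phase1"]:
            print(f"{peer}: phase 1 conn-id {r['id']} ({r['alg']})")
        for r in s["phase2"]:
            print(f"{peer}: phase 2 conn-id {r['id']} ({r['alg']}, "
                  f"encrypt={r['enc']} decrypt={r['dec']})")
```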

New Member

Re: Phase 1 Management Tunnel - Show Command

Try "show crypto isakmp sa", and "show crypto ipsec sa" for phase 2.
