Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Router firewall ios commands

In order to troubleshoot problems resulting from an issue with a vpn connection where router contains a firewall ios, knowing the correct commands are essential. What are the proper commands that should be used in displaying information related to vpn problems? For example, on a pix commands show conn, show isa sa, show ipsec sa, sh exlate etc. help in determining issues. What are some commands that are the equivalent to these and what others can be used on a router that has a firewall ios?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Router firewall ios commands

Have a look at this link to learn more about the Cisco IOS Firewall.

http://cisco.com/en/US/partner/products/sw/secursw/ps1018/tsd_products_support_series_home.html

HTH

7 REPLIES

Re: Router firewall ios commands

To troubleshoot vpn problems in ios I think the best show commands are:

show crypto isakmp sa: Shows ISAKMP security associations (SAs) built between peers.

show crypto ipsec sa: Shows IPsec SAs built between peers.

show crypto engine connection active: Shows every SA built and the amount of traffic sent.

Debug commands:

debug crypto isakmp

debug crypto ipsec

New Member

Re: Router firewall ios commands

Thanks, that is a start. However, are there any commands that are the equivalent or similar to pix commands such as show conn, show count, show xlate etc.

Re: Router firewall ios commands

sh conn = sh ip inspect session

sh count = sh ip traffic

sh xlate = sh ip nat translations

New Member

Re: Router firewall ios commands

Thanks for all the info. This will help a great deal in the future. Lastly, is there a link for more indepth features regarding firewall ioses?

Re: Router firewall ios commands

Have a look at this link to learn more about the Cisco IOS Firewall.

http://cisco.com/en/US/partner/products/sw/secursw/ps1018/tsd_products_support_series_home.html

HTH

New Member

Re: Router firewall ios commands

Thanks, that's all I needed.

New Member

Re: Router firewall ios commands

The following is my favorate command if you have 2800/3800 router with a VPN accelerater module.

show crypto engine accelerator statistic

130
Views
9
Helpful
7
Replies
CreatePlease to create content