Router firewall ios commands

nextccie08
Level 1

In order to troubleshoot problems resulting from an issue with a VPN connection where the router contains a firewall IOS, knowing the correct commands is essential. What are the proper commands that should be used in displaying information related to VPN problems? For example, on a PIX, commands such as show conn, show isa sa, show ipsec sa, sh xlate, etc. help in determining issues. What are some commands that are the equivalent to these, and what others can be used on a router that has a firewall IOS?


mattiaseriksson
Level 3

To troubleshoot VPN problems in IOS, I think the best show commands are:

show crypto isakmp sa: Shows ISAKMP security associations (SAs) built between peers.

show crypto ipsec sa: Shows IPsec SAs built between peers.

show crypto engine connection active: Shows every SA built and the amount of traffic sent.

Debug commands:

debug crypto isakmp

debug crypto ipsec
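
As an added example (not part of the original thread): a short Python script that reads saved `show crypto isakmp sa` output and lists the phase 1 SAs that are not established in QM_IDLE, which is where to look first before turning on the debugs. The sample output, addresses and function names are constructed for illustration, and the row layout is assumed to be `dst src state conn-id [slot] [status]`.

```python
import re

# Values IOS prints in the "state" column of `show crypto isakmp sa`.
STATE_MEANING = {
    "MM_NO_STATE": "main mode: SA created, nothing negotiated yet",
    "MM_SA_SETUP": "main mode: peers agreed on ISAKMP SA parameters",
    "MM_KEY_EXCH": "main mode: DH keys exchanged, SA not yet authenticated",
    "MM_KEY_AUTH": "main mode: SA authenticated",
    "AG_NO_STATE": "aggressive mode: SA created, nothing negotiated yet",
    "AG_INIT_EXCH": "aggressive mode: first exchange done, not authenticated",
    "AG_AUTH": "aggressive mode: SA authenticated",
    "QM_IDLE": "phase 1 complete, SA idle and usable for quick mode",
}
# Assumed row layout: dst src state conn-id [slot] [status]
ROW = re.compile(
    r"^(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<state>[A-Z_]+)\s+(?P<conn_id>\d+)(?:\s+\d+)?(?:\s+(?P<status>\S+))?")

# Constructed sample output (documentation addresses), not from a real router.
SAMPLE = """\
Router#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
192.0.2.1       198.51.100.7    QM_IDLE           1001    0 ACTIVE
192.0.2.1       203.0.113.9     MM_KEY_EXCH       1002    0 ACTIVE
203.0.113.50    192.0.2.1       MM_NO_STATE          0    0 ACTIVE (deleted)
"""

def parse_isakmp_sa(text):
    """Return one dict per SA row; header and prompt lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            sa = m.groupdict()
            sa["deleted"] = "(deleted)" in line
            sas.append(sa)
    return sas

def not_established(sas):
    """Return (dst, src, state, meaning) for SAs not sitting in QM_IDLE."""
    return [(sa["dst"], sa["src"], sa["state"],
             STATE_MEANING.get(sa["state"], "unknown state"))
            for sa in sas
            if sa["state"] != "QM_IDLE" or sa["deleted"]]

if __name__ == "__main__":
    for dst, src, state, meaning in not_established(parse_isakmp_sa(SAMPLE)):
        print(f"{src} -> {dst}: {state} ({meaning})")
```
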

Thanks, that is a start. However, are there any commands that are the equivalent or similar to PIX commands such as show conn, show count, show xlate, etc.?

sh conn = sh ip inspect session

sh count = sh ip traffic

sh xlate = sh ip nat translations

Thanks for all the info. This will help a great deal in the future. Lastly, is there a link for more in-depth features regarding firewall IOSes?

Have a look at this link to learn more about the Cisco IOS Firewall.

http://cisco.com/en/US/partner/products/sw/secursw/ps1018/tsd_products_support_series_home.html

HTH

Thanks, that's all I needed.

jerrytozhang
Level 1

The following is my favorite command if you have a 2800/3800 router with a VPN accelerator module.

show crypto engine accelerator statistic
