Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

troubleshooting ezvpn

Hi,

Somebody knows how can i see the public and privates address from ezvpn client (hardware) on the ezvpn server?

Best Regards.

4 REPLIES
Cisco Employee

Re: troubleshooting ezvpn

IOS or ASA?

New Member

Re: troubleshooting ezvpn

Sorry IOS.

Cisco Employee

Re: troubleshooting ezvpn

If the remote end is in NEM (Network Extension Mode) then you can see the network behind the remote router, by doing a "show crypto ipsec sa" - this will show you the SA's along with the Peer IP.

You can also do a show crypto session.

If you're using client-mode then all you'll see is the IP assigned to the remote router from your pool and not the network behind it.

PS. if you found this post helpful, please rate it.

New Member

Re: troubleshooting ezvpn

HI,

I have NEM.

I can not see the networks look it

hub3#sh cry ip sa

interface: Virtual-Access2

Crypto map tag: Virtual-Access2-head-0, local addr 20.x.x.x

protected vrf: (none)

local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

current_peer 201.x.x.x port 500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 26986, #pkts encrypt: 26986, #pkts digest: 26986

#pkts decaps: 29519, #pkts decrypt: 29519, #pkts verify: 29519

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0

#pkts not decompressed: 0, #pkts decompress failed: 0

#send errors 0, #recv errors 0

local crypto endpt.: 20.x.x.x, remote crypto endpt.: 201.x.x.x

path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/2.1

current outbound spi: 0xEFA9C57F(4020880767)

inbound esp sas:

spi: 0x7EA6467B(2124826235)

transform: esp-aes esp-sha-hmac ,

in use settings ={Tunnel, }

conn id: 2107, flow_id: VAM2+:107, crypto map: Virtual-Access2-head-0

sa timing: remaining key lifetime (k/sec): (4487381/874)

IV size: 16 bytes

replay detection support: Y

Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:

spi: 0xEFA9C57F(4020880767)

transform: esp-aes esp-sha-hmac ,

in use settings ={Tunnel, }

conn id: 2108, flow_id: VAM2+:108, crypto map: Virtual-Access2-head-0

sa timing: remaining key lifetime (k/sec): (4487426/874)

IV size: 16 bytes

replay detection support: Y

Status: ACTIVE

outbound ah sas:

outbound pcp sas:

2136
Views
0
Helpful
4
Replies
CreatePlease to create content