show Command
The show command lets you view different portions of the configuration and see the
condition of ISAKMP and IPSec SAs. Table 13-6 explains the different show commands.
Example 13-5 sysopt connection permit-ipsec
tgpix(config)# isakmp policy 10 authentication pre-share
tgpix(config)# isakmp policy 10 encryption 3des
tgpix(config)# isakmp policy 10 group 2
tgpix(config)# isakmp policy 10 hash md5
tgpix(config)# isakmp policy 10 lifetime 86400
tgpix(config)# isakmp enable outside
tgpix(config)# isakmp identity address
tgpix(config)# isakmp key abc123 address 192.168.2.1 netmask 255.255.255.255
tgpix(config)# nat (inside) 0 access-list 90
tgpix(config)# access-list 90 permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
tgpix(config)# crypto ipsec transform-set strong esp-3des esp-md5-hmac
tgpix(config)# crypto ipsec security-association lifetime seconds 900
tgpix(config)# crypto map gonder 10 ipsec-isakmp
tgpix(config)# crypto map gonder 10 match address 90
tgpix(config)# crypto map gonder 10 set transform-set strong
tgpix(config)# crypto map gonder 10 set peer 192.168.2.1
tgpix(config)# crypto map gonder interface outside
tgpix(config)# sysopt connection permit-ipsec
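
The show commands in Table 13-6 are how you confirm that the pieces of Example 13-5 agree with each other; the same cross-checks can be run offline on a saved configuration. The following Python is an added example, not code from the book or from Cisco, and the audit function, the LEGACY sets, and the finding messages are assumptions of this example.

```python
import re

# Example 13-5 commands from this page (prompts stripped, wrapped ACL line
# joined; nat, lifetime, identity and sysopt lines left out for brevity).
CONFIG = """\
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 group 2
isakmp policy 10 hash md5
isakmp enable outside
isakmp key abc123 address 192.168.2.1 netmask 255.255.255.255
access-list 90 permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map gonder 10 ipsec-isakmp
crypto map gonder 10 match address 90
crypto map gonder 10 set transform-set strong
crypto map gonder 10 set peer 192.168.2.1
crypto map gonder interface outside
"""
# Assumption of this audit: algorithms and DH groups it reports as legacy.
LEGACY = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}
LEGACY_GROUPS = {"1", "2"}

def audit(config):
    """Return findings: dangling cross-references first, then legacy crypto."""
    find = lambda pat: re.findall(pat, config, re.M)
    acls = set(find(r"^access-list (\S+) "))
    tsets = dict(find(r"^crypto ipsec transform-set (\S+) (.+)$"))
    peers = set(find(r"^isakmp key \S+ address (\S+)"))
    ike_ifs = set(find(r"^isakmp enable (\S+)"))
    out = []
    # Each crypto map reference must resolve to something defined elsewhere.
    refs = [("match address", acls, "access-list {} not defined"),
            ("set transform-set", tsets, "transform-set {} not defined"),
            ("set peer", peers, "no isakmp key for peer {}")]
    for kw, known, msg in refs:
        for name, seq, val in find(rf"^crypto map (\S+) (\d+) {kw} (\S+)"):
            if val not in known:
                out.append(f"crypto map {name} {seq}: " + msg.format(val))
    # The interface carrying the crypto map must also have ISAKMP enabled.
    for name, ifc in find(r"^crypto map (\S+) interface (\S+)"):
        if ifc not in ike_ifs:
            out.append(f"crypto map {name}: isakmp not enabled on {ifc}")
    for pol, kw, val in find(r"^isakmp policy (\d+) (encryption|hash|group) (\S+)"):
        if val in (LEGACY_GROUPS if kw == "group" else LEGACY):
            out.append(f"isakmp policy {pol}: legacy {kw} {val}")
    for ts, algs in tsets.items():
        out += [f"transform-set {ts}: legacy {a}" for a in algs.split() if a in LEGACY]
    return out
```

Run against the configuration above, audit(CONFIG) reports no dangling references and lists the 3DES, MD5, and group 2 settings as legacy choices.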
Example 13-6 displays the output from the show crypto isakmp sa command on the PIX
Firewall at 192.168.1.2 that is configured for a VPN connection to 192.168.2.1.
Example 13-7 displays the output from show crypto ipsec sa for the same firewall.
Table 13-6 show Commands

Command                                           Description
show isakmp                                       Displays all ISAKMP configurations.
show isakmp policy                                Displays only configured ISAKMP policies.
show access-list                                  Displays configured access lists.
show crypto map                                   Displays all configured crypto map entries.
show crypto ipsec transform-set                   Displays all configured IPSec transform sets.
show crypto ipsec security-association lifetime   Displays the global SA lifetime. If not defined specifically by a crypto ipsec security-association lifetime command, it displays the default lifetime values.
show crypto isakmp sa                             Displays the status of current IKE SAs.
show crypto ipsec sa                              Displays the status of current IPSec SAs.