show crypto ipsec sa Command Output
tgpix# show crypto ipsec sa interface: outside
Crypto map tag: 10, local addr. 192.168.1.1
local ident (addr/mask/port/port): (10.10.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.2.1/255.255.255.255/0/0)
current_peer: 192.128.1.1
dynamic allocated peer ip: 192.168.2.1
PERMIT, flags={}
#pkts encaps: 345, #pkts encrypt: 345, #pkts digest 0
#pkts decaps: 366, #pkts decrypt: 366, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.1.1, remote crypto endpt.: 192.168.2.1
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 9a46ecae
inbound esp sas:
continues
358 Chapter 13: Virtual Private Networks
clear Command
The clear command allows you to remove current settings. You must be very careful when
using the clear command to ensure that you do not remove portions of your configuration
that are needed. The most common use of the clear command for troubleshooting VPN
connectivity is to clear current sessions and force them to regenerate. Table 13-7 explains the
two clear commands used to troubleshoot VPN connectivity.
debug Command
The debug command lets you watch the VPN negotiation take place. This command is
available only from configuration mode on the PIX and will not display any output in a
Telnet session. Table 13-8 explains the two debug commands most commonly used to
troubleshoot VPN connectivity.
spi: 0x50b98b5(84646069)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 1, crypto map: Chapter11
sa timing: remaining key lifetime (k/sec): (460800/21)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x9a46ecae(2588339374)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2, crypto map: Chapter11
sa timing: remaining key lifetime (k/sec): (460800/21)
IV size: 8 bytes
replay detection support: Y
outbound ah sas: