Cisco MDS-9124 Troubleshooting Guide - Page 461
show ipsec internal, crypto-accelerator interface gigabitethernet, inbound, outbound, internal
View all Cisco MDS-9124 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 461 highlights
Chapter 22 Troubleshooting IPsec IPsec Issues Send documentation comments to [email protected] Step 2 mode:tunnel, crypto algo:esp-3des, auth algo:esp-md5-hmac tunnel id is:1 current outbound spi:0x38147002 (940863490), index:513 lifetimes in seconds::3600 lifetimes in bytes::483183820800 current inbound spi:0x822a202 (136487426), index:513 lifetimes in seconds::3600 lifetimes in bytes::483183820800 The SA index can be used to look at the SA in the crypto-accelerator. Issue the show ipsec internal crypto-accelerator interface gigabitethernet slot/port sad [inbound | outbound] sa-index command to display the inbound or outbound SA information. The hard limit bytes and soft limit bytes fields display the lifetime in bytes. The hard limit expiry secs and the soft limit expiry secs fields display the lifetime in seconds. Note To issue commands with the internal keyword, you must have an account that is a member of the network-admin group. The command outputs follow: MDSA# show ipsec internal crypto-accelerator interface gigabitethernet 7/1 sad inbound 1 sw172.22.48.91# show ipsec internal crypto-accelerator interface gigabitethernet 7/1 sad inbound 1 Inbound SA 1 : Mode :Tunnel, flags:0x492300000000000 IPsec mode is ESP Encrypt algorithm is DES/3DES Auth algorithm is MD5 Source ip address 10.10.100.232/255.255.255.255 Destination ip address 10.10.100.231/255.255.255.255 Physical port 0, mask:0x1 Misc select 0 mask:0x0 Vlan 0 mask:0xfff Protocol 0 mask:0x0 Source port no 0 mask:0x0 Dest port no 0 mask:0x0 Hard limit 483183820800 bytes Soft limit 401042571264 bytes SA byte count 845208 bytes