show crypto ipsec sa
To display security association (SA) information based on the rack/slot/module location, use the show crypto
ipsec sa command.
show crypto ipsec sa [sa-id | peer ip-address | profile profile-name | detail | count | fvrf fvrf-name | ivrf ivrf-name | location node-id]
Syntax Description
sa-id
    (Optional) Identifier for the SA. The range is from 1 to 64500.
peer ip-address
    (Optional) IP address used on the remote (PC) side. Invalid IP addresses are not accepted.
profile profile-name
    (Optional) Specifies the alphanumeric name for a security profile. The character range is from 1 to 64. Profile names cannot be duplicated.
detail
    (Optional) Provides additional dynamic SA information.
count
    (Optional) Provides SA count.
fvrf fvrf-name
    (Optional) Specifies that all existing SAs whose front door virtual routing and forwarding (FVRF) is the same as the fvrf-name are displayed.
ivrf ivrf-name
    (Optional) Specifies that all existing SAs whose inside virtual routing and forwarding (IVRF) is the same as the ivrf-name are displayed.
location node-id
    (Optional) Specifies that the SAs are configured on a specified location.
Command Modes
EXEC
Command History
Release    Modification
Release 2.0
    This command was introduced.
Release 3.4.0
    The range for the sa-id argument increased to 16500 sessions. Support was added for the following keywords:
    • fvrf
    • ivrf
    • location
Release 3.6.0
    The upper limit for the sa-id argument range was increased to 64,500 sessions.
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
134 OL-24740-01