Table 10: show crypto ipsec sa Field Descriptions
Field               Description
SA id               Identifier for the SA.
interface           Identifier for the interface.
profile             String of alphanumeric characters that specify the name of a security profile.
local ident         IP address, mask, protocol, and port of the local peer.
remote ident        IP address, mask, protocol, and port of the remote peer.
outbound esp sas    Outbound ESP SAs.
inbound esp sas     Inbound ESP SAs.
transform           The transform being used in the SA.
sa lifetime         The lifetime value used in the SA.
The following sample output is from the show crypto ipsec sa command for the profile keyword for a profile
named pn1:
RP/0/RP0/CPU0:router# show crypto ipsec sa profile pn1
SA id: 2
interface: tunnel0
profile: pn1
local ident (addr/mask/prot/port): (172.19.70.92/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.19.72.120/255.255.255.255/0/0)
local crypto endpt: 172.19.70.92, remote crypto endpt: 172.19.72.120
outbound esp sas:
spi: 0x8b0e950f (2332988687)
transform: esp-3des-sha
in use settings = Tunnel
sa lifetime: 3600s, 4194303kb
SA id: 2
interface: tunnel0
profile: pn1
local ident (addr/mask/prot/port): (172.19.72.120/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.19.70.92/255.255.255.255/0/0)
local crypto endpt: 172.19.72.120, remote crypto endpt: 172.19.70.92
inbound esp sas:
spi: 0x2777997c (662149500)
transform: esp-3des-sha
in use settings = Tunnel
sa lifetime: 3600s, 4194303kb
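The fields described in Table 10 can be pulled out of this output for an SA inventory or audit. The following parser is an added example, not part of the Cisco reference; the names parse_sas and flag_transforms are hypothetical, the input is the sample above with the second block trimmed, and the default "3des" token is this example's own audit policy.

```python
import re

# Constructed input: the "profile pn1" sample from this page (second block trimmed).
SAMPLE = """\
SA id: 2
interface: tunnel0
profile: pn1
local ident (addr/mask/prot/port): (172.19.70.92/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.19.72.120/255.255.255.255/0/0)
local crypto endpt: 172.19.70.92, remote crypto endpt: 172.19.72.120
outbound esp sas:
spi: 0x8b0e950f (2332988687)
transform: esp-3des-sha
in use settings = Tunnel
sa lifetime: 3600s, 4194303kb
SA id: 2
interface: tunnel0
profile: pn1
inbound esp sas:
spi: 0x2777997c (662149500)
transform: esp-3des-sha
sa lifetime: 3600s, 4194303kb
"""

FIELD = re.compile(r"^(SA id|interface|profile|transform|sa lifetime): (.+)$")
SPI = re.compile(r"^spi: (0x[0-9a-fA-F]+) \((\d+)\)$")
DIRECTION = re.compile(r"^(inbound|outbound) esp sas:$")

def parse_sas(text):
    """Return one dict per SA block; a block starts at each 'SA id:' line."""
    sas = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("SA id:"):
            sas.append({})
        sa = sas[-1] if sas else {}  # text before the first block is discarded
        if m := FIELD.match(line):
            sa[m[1]] = m[2]
        elif m := DIRECTION.match(line):
            sa["direction"] = m[1]
        elif m := SPI.match(line):
            if int(m[1], 16) != int(m[2]):  # hex and decimal forms must agree
                raise ValueError(f"SPI mismatch in: {line}")
            sa["spi"] = m[1]
    return sas

def flag_transforms(sas, banned=("3des",)):
    """Hypothetical audit helper: (direction, spi) of SAs whose transform has a banned token."""
    return [(sa.get("direction"), sa.get("spi")) for sa in sas
            if any(tok in sa.get("transform", "") for tok in banned)]
```

Lines the parser does not recognize, such as the router prompt or the crypto endpoint line, are skipped, so the captured command output can be passed in unmodified.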
The following sample output is from the show crypto ipsec sa command for the peer keyword:
RP/0/RP0/CPU0:router# show crypto ipsec sa peer 172.19.72.120
SA id: 2
interface: tunnel0
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
136 OL-24740-01