EasyManuals Logo
Home>Cisco>Switch>MDS 9000 Series

Cisco MDS 9000 Series User Manual

Cisco MDS 9000 Series
16 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #7 background imageLoading...
Page #7 background image
Send documentation comments to mdsfeedback-doc@cisco.com
22-7
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 22 Troubleshooting IPsec
IPsec Issues
Verifying IPsec Configuration Compatibility Using the CLI
To verify the compatibility of the IPsec configurations of MDS A and MDS C shown in Figure 22-1
using the CLI, follow these steps:
Step 1 Use the show crypto map domain ipsec command and the show crypto transform-set domain ipsec
command. The following command outputs display the fields discussed in Step 2 through Step 7.
MDSA# show crypto map domain ipsec
Crypto Map “cmap-01” 1 ipsec
Peer = 10.10.100.232
IP ACL = acl1
permit ip 10.10.100.231 255.255.255.255 10.10.100.232 255.255.255.255
Transform-sets: tfs-02,
Security Association Lifetime: 3000 gigabytes/120 seconds
PFS (Y/N): Y
PFS Group: group5
Interface using crypto map set cmap-01:
GigabitEthernet7/1
MDSC# show crypto map domain ipsec
Crypto Map “cmap-01” 1 ipsec
Peer = 10.10.100.231
IP ACL = acl1
permit ip 10.10.100.232 255.255.255.255 10.10.100.231 255.255.255.255
Transform-sets: tfs-02,
Security Association Lifetime: 3000 gigabytes/120 seconds
PFS (Y/N): Y
PFS Group: group5
Interface using crypto map set cmap-01:
GigabitEthernet1/2
MDSA# show crypto transform-set domain ipsec
Transform set:tfs-01 {esp-3des null}
will negotiate {tunnel}
Transform set:tfs-02 {esp-3des esp-md5-hmac}
will negotiate {tunnel}
Transform set:ipsec_default_transform_set {esp-aes 128 esp-sha1-hmac}
will negotiate {tunnel}
MDSC# show crypto transform-set domain ipsec
Transform set:tfs-01 {esp-3des null}
will negotiate {tunnel}
Transform set:tfs-02 {esp-3des esp-md5-hmac}
will negotiate {tunnel}
Transform set:ipsec_default_transform_set {esp-aes 128 esp-sha1-hmac}
will negotiate {tunnel}
Step 2 Ensure that the ACLs are compatible in the show crypto map domain ipsec command outputs for both
switches.
Step 3 Ensure that the peer configuration is correct in the show crypto map domain ipsec command outputs
for both switches.
Step 4 Ensure that the transform sets are compatible in the show crypto transform-set domain ipsec command
outputs for both switches.
Step 5 Ensure that the PFS settings in the show crypto map domain ipsec command outputs are configured
the same on both switches.

Table of Contents

Other manuals for Cisco MDS 9000 Series

Preview: Configuration Guide
Configuration Guide344 pages
Preview: Troubleshooting Guide
Troubleshooting Guide161 pages
Preview: Command Reference
Command Reference1464 pages
Preview: Rack Installation
Rack Installation8 pages
Preview: Installing
Installing22 pages
Preview: Hardware Installation Guide
Hardware Installation Guide62 pages
Preview: Installation Guide
Installation Guide20 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco MDS 9000 Series and is the answer not in the manual?

Cisco MDS 9000 Series Specifications

General IconGeneral
BrandCisco
ModelMDS 9000 Series
CategorySwitch
LanguageEnglish

Related product manuals