You are here: Home > CLI Commands > Just_CLI_Topics > show crypto ipsec

show crypto ipsec

show crypto ipsec {ipsec-map-id | mtu | sa [peer v6 <peer-ipv6> | peer <peer-ip>] | transform-set [tag <transform-set-name>]}

Descriptions

Displays the current IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. configuration on the managed device.

Syntax

Parameter

Description

ipsec-map-id

Shows IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. MAP to ID mapping.

mtu

Shows IPSec max mtuMaximum Transmission Unit. MTU is the largest size packet or frame specified in octets (eight-bit bytes) that can be sent in networks such as the Internet..

sa

Shows security associations (SAs).

peer ip6 <peer-ipv6>

Shows IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. SAs for an IPv6 peer.

peer <peer-ip>

Shows IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. SAs for this IP.

transform-set

Shows IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. transform sets.

tag <transform-set-name>

Shows a specific transform set.

Usage Guidelines

Execute the show crypto ipsec command to view the Maximum Transmission Unit (MTUMaximum Transmission Unit. MTU is the largest size packet or frame specified in octets (eight-bit bytes) that can be sent in networks such as the Internet.) size allowed for network transmissions using IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. security. It also displays the transform sets that define a specific encryption and authentication type.

Examples

The show crypto ipsec transform-set command displays the settings for both preconfigured and manually configured transform sets.

(host) [mynode] #show crypto ipsec transform-set

Transform set default-transform: { esp-3des esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-ml-transform: { esp-3des esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-boc-bm-transform: { esp-3des esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-cluster-transform: { esp-aes256 esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-1st-ikev2-transform: { esp-aes256 esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-3rd-ikev2-transform: { esp-aes128 esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-gcm256: { esp-aes256-gcm esp-null-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-gcm128: { esp-aes128-gcm esp-null-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-rap-transform: { esp-aes256 esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-remote-node-bm-transform: { esp-3des esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set default-aes: { esp-aes256 esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set newset: { esp-3des esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Transform set name: { esp-aes256-gcm esp-sha-hmac }

will negotiate = { Transport, Tunnel }

Use the peer parameter to view details about an IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. connection.

(host) [mynode] #show crypto ipsec sa peer 80.254.65.210

Initiator IP: 80.254.65.210

Responder IP: 10.69.69.16

Initiator: No

Initiator cookie:018006409496dde5 Responder cookie:659f346abddccaf7

SA Creation Date: Fri Jun 25 13:21:23 2010

Life secs: 7200

Initiator Phase2 ID: 10.69.16.7/255.255.255.255

Responder Phase2 ID: 0.0.0.0/0.0.0.0

Phase2 Transform: EncAlg:esp-3des HMAC:esp-sha-hmac

Encapsulation Mode:UDP-encapsulated Tunnel

IP Compression Disabled

PFS: No

OUT SPI 1b0aa012, IN SPI 1b5c5300

Inner IP 10.69.16.7, internal type C

Aruba VIA

Reference count: 3

Execute the show crypto ipsec sa command to check the IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. security associations.

(host) [mynode] #show crypto ipsec sa

IPSEC SA (V2) Active Session Information

-----------------------------------

Initiator IP Responder IP SPI(IN/OUT) Flags Start Time Inner IP

------------ ------------ ---------------- ----- --------------- --------

10.17.24.20 10.17.24.19 44e59700/2b907e00 UT2 Mar 1 20:18:09 -

Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap

L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2

Total IPSEC SAs: 1

Related Commands

Command

Description

crypto ipsec

Use this command to configure IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. parameters.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Enable or Config mode on Mobility Master.

/*]]>*/