Display IKE Policies
Use the following procedure to display the configured IKE policies.
Procedure
Example
Switch:1#show ike policy
==========================================================================================
IKE Policy
==========================================================================================
Policy Addr Profile
Name Type Local Address Remote Address Name
------------------------------------------------------------------------------------------
iketest3 IPv4 192.168.152.104 192.168.149.207 test
v1pol IPv4 192.168.152.104 192.168.152.152 ikepro
==========================================================================================
IKE Policy
==========================================================================================
Policy Profile Revocation-Check peer-identity
Name Version Auth-Method Pre-Shared Key Method name
-------------------------------------------------------------------------------------------
iketest3 2 digital-cert ocsp
v1pol 1 digital-cert ocsp
==========================================================================================
IKE Policy
==========================================================================================
Policy DPD Admin Oper Use IKE
Name Timeout State State P2 PFS DH Grp DH Group IntfId
------------------------------------------------------------------------------------------
iketest3 300 enable up disable enable modp1024 3047
v1pol 300 enable up disable enable modp1024 3047
Variable Definition
The following table defines parameters for the show ike policy command.
|
Variable |
Value |
|---|---|
|
policy WORD<1–32> |
Specifies the name of the policy to be displayed. |
|
laddr WORD<1–256> |
Specifies the local IPv4 or IPv6 address. |
|
raddr WORD<1–256> |
Specifies the remote IPv4 or IPv6 address. |
Job aid
The following table describes the fields in the output for the show ike policy command.
|
Parameter |
Description |
|---|---|
|
Policy Name |
Specifies the name of the policy that is displayed. |
|
Addr Type |
Specifies whether the IP address is an IPv4 or IPv6 address. |
|
Local Address |
Specifies the local IPv4 or IPv6 address. |
|
Remote Address |
Specifies the remote IPv4 or IPv6 address. |
|
Profile Name |
Specifies the name of the profile. |
|
Profile version |
Specifies the version of the profile, version 1 or version 2. |
|
Auth-Method |
Specifies the authentication method. The supported values are digital-certificate and pre-shared-key. |
|
Revocation-Check Method |
Specifies the revocation check method as OCSP, CRL or none. |
|
Peer-identity name |
Specifies peer identity name for IKE phase 1. |
|
Pre-Shared Key |
Specifies the pre-shared key value. |
|
DPD Timeout |
Specifies the Dead-peer detection timeout in seconds. The supported value ranges from 1 to 4294967295 seconds. |
|
Admin State |
Specifies whether the IKE admin state is enabled or disabled. |
|
Oper State |
Specifies whether the policy is operational or not. The values are up and down. |
|
P2 PFS |
Specifies whether Phase 2 perfect forward secrecy is enabled or not. |
|
Use IKE DH Grp |
Specifies whether IKE can use the DH group or not. The values are enable and disable. |
|
DH Group |
Specifies the type of DH group selected. The supported values are modp768, modp1024, and modp2048. |
|
IntfId |
Specifies the ID of the interface on which the policy is applied. |