Displaying IPsec security association information
Use the following procedure to display IPsec security association information.
Procedure
Example
Display information on IPsec security association policies:
```
Switch:1>enable
Switch:1#show ipsec sa all
=========================================================================
                    IPSEC Security Association Table
=========================================================================
sa-name: ospf1
key-Mode: manual
Encap protocol: ESP
SPI Value: 9
Encrypt Algorithm: 3dec-cbc
Encrypt-key: 52fb29f723b0800870dc83e3
Encrypt-key-Len: 24
Auth Algorithm: hmac-md5
Auth-key: 123456789abcdef0
Auth-key-Len: 16
Mode: transport
Lifetime-Sec: 1000
Lifetime-Byte: 20000

Switch:1#show ipsec sa name ospf1
=========================================================================
                    IPSEC Security Association Table
=========================================================================
sa-name: ospf1
key-Mode: manual
Encap protocol: ESP
SPI Value: 9
Encrypt Algorithm: 3dec-cbc
Encrypt-key: 52fb29f723b0800870dc83e3
Encrypt-key-Len: 24
Auth Algorithm: hmac-md5
Auth-key: 123456789abcdef0
Auth-key-Len: 16
Mode: transport
Lifetime-Sec: 1000
Lifetime-Byte: 20000

Switch:1#show ipsec sa-policy
=========================================================================
                            SA POLICY TABLE
=========================================================================
Policy Name                     Security Association
-------------------------------------------------------------------------
ospf1                           ospf1
-------------------------------------------------------------------------
```
Variable Definitions
The following table defines parameters for the show ipsec sa command.
Variable | Value |
---|---|
all | Displays all security associations. |
name WORD<1–32> | Displays a specific security association based on name. |
Use the data in the following table to use the show ipsec command.
Variable | Value |
---|---|
sa-policy | Displays all security associations linked to a specific policy. |
Job aid
The following table describes the fields in the output for the show ipsec sa all and show ipsec sa name commands.
Parameter | Description |
---|---|
sa-name | Specifies all of the IPsec security association names. |
key-Mode | Specifies the key mode as manual or automatic. The default is automatic. |
Encap protocol | Specifies the encapsulation protocol. |
SPI Value | Specifies the SPI value, which is a tag added to the IP header. For IPsec to function, both peers must have the same SPI value configured for a particular policy. |
Encrypt Algorithm | Specifies the encrypt algorithm as one of the following: |
Encrypt-key | Specifies the encrypt-key parameter for the authentication key in either: |
Encrypt-key-Len | Specifies the key length value in a string from 1 to 256 characters. The default KeyLength is 128. |
Mode | Specifies the mode value as one of the following: The default is transport mode. |
Lifetime-Sec | Specifies the lifetime value in seconds. The default is 28800. |
Lifetime-Byte | Specifies the lifetime value in bytes. The default is 4294966272. |
The following table describes the fields in the output for the show ipsec sa-policy command.
Parameter | Description |
---|---|
Policy Name | Specifies the IPsec policy name. |
Security Association | Specifies the security association name. |
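
The following Python example is added here and is not part of the vendor documentation. It parses show ipsec sa output in the layout shown in the Example section, reports the settings visible in that sample that deserve review (manual keying, 3DES, HMAC-MD5, key values printed in clear text), and masks the key values before the output is stored. The function names, the sample text and the RFC 8221 references are assumptions of this example, not content from this page.

```python
import re

# Field labels exactly as printed in the "show ipsec sa" example on this page.
FIELDS = {"sa-name", "key-Mode", "Encap protocol", "SPI Value", "Encrypt Algorithm",
          "Encrypt-key", "Encrypt-key-Len", "Auth Algorithm", "Auth-key",
          "Auth-key-Len", "Mode", "Lifetime-Sec", "Lifetime-Byte"}

def parse_sa_table(text):
    """Return one dict per security association; prompts and banners are skipped."""
    sas = []
    for line in text.splitlines():
        label, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or label not in FIELDS:
            continue
        if label == "sa-name":
            sas.append({})  # every record starts at its sa-name line
        if sas:
            sas[-1][label] = value
    return sas

def audit_sa(sa):
    """Return review findings for one parsed security association."""
    findings = []
    if sa.get("key-Mode", "").lower() == "manual":
        findings.append("manual keying: static keys, no automatic rekey")
    if re.match(r"3de[sc]", sa.get("Encrypt Algorithm", ""), re.I):  # page prints "3dec-cbc"
        findings.append("3DES encryption: SHOULD NOT in RFC 8221")
    if "md5" in sa.get("Auth Algorithm", "").lower():
        findings.append("HMAC-MD5 authentication: MUST NOT in RFC 8221")
    if sa.get("Encrypt-key") or sa.get("Auth-key"):
        findings.append("key material printed in clear text")
    return findings

def redact_keys(text):
    """Mask key values before the output is stored in a ticket or log."""
    return re.sub(r"(?m)^([ \t]*(?:Encrypt-key|Auth-key):[ \t]*)\S+", r"\1<redacted>", text)

# Constructed sample in the page's layout; both key values are placeholders.
SAMPLE = """Switch:1#show ipsec sa all
sa-name: ospf1
key-Mode: manual
Encrypt Algorithm: 3dec-cbc
Encrypt-key: PLACEHOLDER-ENCRYPT-KEY
Auth Algorithm: hmac-md5
Auth-key: PLACEHOLDER-AUTH-KEY
"""

if __name__ == "__main__":
    print([(sa["sa-name"], audit_sa(sa)) for sa in parse_sa_table(SAMPLE)])
```

Because the command prints Encrypt-key and Auth-key in full, run captured sessions through `redact_keys` before attaching them to tickets or support bundles.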