Display IKE Security Association
Use the following procedure to display the configured IKE Phase 1 security associations (SA) for version 1 and version 2.
Procedure
Example
Switch:1(config)#show ike sa version v1
==========================================================================================
IKE V1 Phase 1 Security Association
==========================================================================================
Policy Addr Initiator/
Name Type Local Address Remote Address Responder
------------------------------------------------------------------------------------------
ikepsk IPv4 192.0.2.5 198.51.100.15 Initiator
==========================================================================================
IKE V1 Phase 1 Security Association
==========================================================================================
DPD Hash Encrypt DH Lifetime
Name Timeout Algo Algo Group seconds Status
------------------------------------------------------------------------------------------
ikepsk 300 sha aesCbc modp2048 3600 active
Switch:1(config)#show ike sa version v2
==========================================================================================
IKE V2 Phase 1 Security Association
==========================================================================================
Policy Addr Initiator/
Name Type Local Address Remote Address Responder
------------------------------------------------------------------------------------------
v2policy IPv4 203.0.113.6 198.51.100.20 Responder
==========================================================================================
IKE V2 Phase 1 Security Association
==========================================================================================
DPD Hash Encrypt Integrity DH Lifetime
Name Timeout Algo Algo Algo Group seconds Status
------------------------------------------------------------------------------------------
v2policy 300 sha256 aesCbc modp2048 86400 active
Variable Definition
The following table defines parameters for the show ike sa command.
| Variable | Value |
|---|---|
| sa | Specifies the IKE security association identifier. |
| version v1 WORD<1-32> laddr WORD<1-256> raddr WORD<1-256> | Specifies the local IPv4 or IPv6 address for IKE Phase 1, version 1 SA. |
| version v2 WORD<1-32> laddr WORD<1-256> raddr WORD<1-256> | Specifies the local IPv4 or IPv6 address for IKE Phase 1, version 2 SA. |
Job aid
The following table describes the fields in the output for the show ike profile command.
| Parameter | Description |
|---|---|
| Policy Name | Specifies the name of the IKE Phase 1 policy. |
| Addr Type | Specifies whether the IP address is an IPv4 or IPv6 address. |
| Local Address | Specifies the local IPv4 or IPv6 address. |
| Remote Address | Specifies the remote IPv4 or IPv6 address. |
| Name | Specifies the name of the IKE Phase 1 profile. |
| DPD Timeout | Specifies the dead-peer detection (DPD) timeout in seconds. The supported value ranges from 1 to 4294967295 seconds. |
| Hash Algo | Specifies the hash authorization algorithm. The supported values are MD5, SHA1, and SHA256. |
| Encrypt Algo | Specifies the cryptographic algorithm. The supported values are DES, 3DES, and AES. |
| DH Group | Specifies the Diffie-Hellman (DH) group. The supported values are MOD768, MOD1024, and MOD2048. |
| Lifetime seconds | Specifies the lifetime value in seconds. The value ranges from 0 to 4294967295 seconds. |
| Status | Specifies the status of the security association. |
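
The following Python script is an added example, not part of the original documentation. It parses the algorithm table of the show ike sa output and flags the weaker values that the job aid lists as supported (MD5, DES and 3DES, MOD768, MOD1024). The legacy row and the CLI spellings md5, desCbc and modp1024 are constructed assumptions; only sha, sha256, aesCbc and modp2048 appear in the output on this page.

```python
import re

# Constructed sample in the layout of the show ike sa output on this page.
# The "legacy" row and the spellings md5, desCbc, modp1024 are assumptions.
SAMPLE = """\
Name Type Local Address Remote Address Responder
ikepsk IPv4 192.0.2.5 198.51.100.15 Initiator
legacy IPv4 192.0.2.5 198.51.100.77 Initiator
Name Timeout Algo Algo Group seconds Status
ikepsk 300 sha aesCbc modp2048 3600 active
legacy 300 md5 desCbc modp1024 86400 active
"""

# Weaker choices among the values the job aid lists as supported.
WEAK = {
    "hash": re.compile(r"md5", re.I),
    "encrypt": re.compile(r"des", re.I),       # DES and 3DES
    "integrity": re.compile(r"md5", re.I),
    "dh_group": re.compile(r"(768|1024)$"),    # MOD768, MOD1024
}

def parse_crypto_rows(text):
    """Return one dict per row of the DPD/Hash/Encrypt/DH table."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Data rows: name, numeric DPD timeout, ..., numeric lifetime, status.
        if len(tok) not in (7, 8) or not (tok[1].isdigit() and tok[-2].isdigit()):
            continue
        rows.append({
            "name": tok[0], "dpd_timeout": int(tok[1]),
            "hash": tok[2], "encrypt": tok[3],
            # Assumption: an 8-token IKEv2 row carries Integrity Algo in the
            # fifth column; a 7-token row is read as having no integrity value.
            "integrity": tok[4] if len(tok) == 8 else None,
            # Read the tail from the right so the optional column cannot shift it.
            "dh_group": tok[-3], "lifetime": int(tok[-2]), "status": tok[-1],
        })
    return rows

def audit(text):
    """Return (policy, field, value) for each weak setting found."""
    findings = []
    for row in parse_crypto_rows(text):
        for field, pattern in WEAK.items():
            value = row[field]
            if value and pattern.search(value):
                findings.append((row["name"], field, value))
    return findings

if __name__ == "__main__":
    for name, field, value in audit(SAMPLE):
        print(f"{name}: weak {field} = {value}")
```

Address rows, headers and separator lines are skipped because their second token is not a number, so the full command output can be passed in unchanged.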