show ipsec sa

Display Internet Protocol Security (IPsec) security association information.

Syntax

Command Parameters

all
Displays all of the IPsec security association information.
name WORD<1-32>
Displays information about a specific IPsec security association.

Default

None

Command Mode

User EXEC

Command Output

The show ipsec sa command displays the following information:

Output field

Description

sa-name

Specifies all of the IPsec security association names.

key-Mode

Specifies the key mode as manual or automatic. The default is automatic.

Encap protocol

Specifies the encapsulation protocol.

SPI Value

Specifies the SPI value, which is a tag added to the IP header. For IPsec to function, both peers must have the same SPI value configured for a particular policy.

Encrypt Algorithm

Specifies the encryption algorithm as one of the following:
  • 3DES-CBC
  • AES-CBC
  • AES-CTR
  • NULL—Only used to debug.

Encrypt-key

Specifies the encrypt-key parameter for the authentication key in either:
  • hex–Specifies hexadecimal.
  • ascii–Specifies ASCII, the American Standard Code for Information Interchange character encoding scheme.

Encrypt-key-Len

Specifies the key length value in a string from 1 to 256 characters. The default KeyLength is 128.

Mode

Specifies the mode value as one of the following:
  • tunnel—Tunnel mode encapsulates the entire IP packet and provides a secure tunnel.
  • transport—Transport mode encapsulates the IP payload and provides a secure connection between two endpoints.

The default is transport mode.

Lifetime-Sec

Specifies the lifetime value in seconds. The default is 28800.

Lifetime-Byte

Specifies the lifetime value in bytes. The default is 4294966272.
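
Added example (not part of the vendor documentation): a check that compares the fields listed above for one security association as recorded on both peers and reports mismatches and weak settings. The dictionary representation, the function name audit_sa_pair, the sample values, and the extra checks beyond the SPI rule are assumptions; this page does not show the raw output layout.

```python
# Field names follow the "Output field" column above. The dict form and all
# sample values are constructed for illustration, not real switch output.

# The page states the SPI must match on both peers. Treating the other three
# fields as must-match is an assumption based on general IPsec behaviour.
MUST_MATCH = ("SPI Value", "Encap protocol", "Encrypt Algorithm", "Mode")
DEFAULT_LIFETIME_SEC = 28800  # default given in the Lifetime-Sec description


def audit_sa_pair(local, remote):
    """Return a list of findings for one SA as configured on two peers."""
    findings = []
    for field in MUST_MATCH:
        a, b = local.get(field), remote.get(field)
        if a is None or b is None:
            findings.append(f"{field}: missing on one peer")
        elif str(a).strip().lower() != str(b).strip().lower():
            findings.append(f"{field}: mismatch ({a} vs {b})")
    for side, sa in (("local", local), ("remote", remote)):
        # NULL is documented above as debug-only.
        if str(sa.get("Encrypt Algorithm", "")).upper() == "NULL":
            findings.append(f"{side}: NULL encryption is debug-only")
        # Policy assumption: flag lifetimes longer than the documented default.
        if int(sa.get("Lifetime-Sec", DEFAULT_LIFETIME_SEC)) > DEFAULT_LIFETIME_SEC:
            findings.append(f"{side}: Lifetime-Sec above default {DEFAULT_LIFETIME_SEC}")
    return findings


# Constructed sample records for the same SA on two peers.
SAMPLE_LOCAL = {
    "sa-name": "sa-example", "key-Mode": "automatic", "Encap protocol": "ESP",
    "SPI Value": 9, "Encrypt Algorithm": "AES-CBC", "Mode": "transport",
    "Lifetime-Sec": 28800,
}
SAMPLE_REMOTE = {
    "sa-name": "sa-example", "key-Mode": "automatic", "Encap protocol": "ESP",
    "SPI Value": 10, "Encrypt Algorithm": "NULL", "Mode": "transport",
    "Lifetime-Sec": 86400,
}

if __name__ == "__main__":
    for finding in audit_sa_pair(SAMPLE_LOCAL, SAMPLE_REMOTE):
        print(finding)
```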