Displaying IPsec security association information

Use the following procedure to display IPsec security association information.

Procedure

  1. Enter Privileged EXEC mode:

    enable

  2. Display all IPsec security associations:

    show ipsec sa all

  3. Display a specific IPsec security association:

    show ipsec sa name WORD<1–32>

  4. Display all security associations linked to a specific policy:

    show ipsec sa-policy

Example

Display information on IPsec security association policies:

Switch:1>enable
Switch:1#show ipsec sa all
=========================================================================
                        IPSEC Security Association Table
=========================================================================
sa-name: ospf1
key-Mode: manual
Encap protocol: ESP
SPI Value: 9
Encrypt Algorithm: 3dec-cbc
Encrypt-key: 52fb29f723b0800870dc83e3
Encrypt-key-Len: 24
Auth Algorithm: hmac-md5
Auth-key: 123456789abcdef0
Auth-key-Len: 16
Mode: transport
Lifetime-Sec: 1000
Lifetime-Byte: 20000

Switch:1#show ipsec sa name ospf1

=========================================================================
                        IPSEC Security Association Table
=========================================================================
sa-name: ospf1
key-Mode: manual
Encap protocol: ESP
SPI Value: 9
Encrypt Algorithm: 3dec-cbc
Encrypt-key: 52fb29f723b0800870dc83e3
Encrypt-key-Len: 24
Auth Algorithm: hmac-md5
Auth-key: 123456789abcdef0
Auth-key-Len: 16
Mode: transport
Lifetime-Sec: 1000
Lifetime-Byte: 20000

Switch:1#show ipsec sa-policy          

=========================================================================
                                SA POLICY TABLE
=========================================================================
 Policy Name       Security Association 
-------------------------------------------------------------------------
 ospf1             ospf1
-------------------------------------------------------------------------

Variable Definitions

The following table defines parameters for the show ipsec sa command.

Variable

Value

all

Displays all security associations.

name WORD<1–32>

Displays a specific security association based on name.

Use the data in the following table to use the show ipsec command.

Variable

Value

sa-policy

Displays all security associations linked to a specific policy.