Display IKE Security Association

Use the following procedure to display the IKE Phase 1 security associations (SA) for IKE version 1 and version 2.

Procedure

  1. Enter Privileged EXEC mode:

    enable

  2. Display all the security associations:

    show ike sa

  3. Display security associations for IKE Phase 1 for version 1:

    show ike sa version v1 WORD<1-32> laddr WORD<1-256> raddr WORD<1-256>

  4. Display security associations for IKE Phase 1 for version 2:

    show ike sa version v2 WORD<1-32> laddr WORD<1-256> raddr WORD<1-256>

Example

Switch:1(config)#show ike sa version v1

==========================================================================================
                      IKE V1 Phase 1 Security Association

==========================================================================================
Policy          Addr                                                       Initiator/
Name           Type Local Address              Remote Address             Responder 
------------------------------------------------------------------------------------------
ikepsk          IPv4 192.0.2.5                 198.51.100.15              Initiator 


==========================================================================================
                      IKE V1 Phase 1 Security Association

==========================================================================================
                DPD        Hash   Encrypt   DH     Lifetime           
Name            Timeout    Algo   Algo     Group   seconds    Status  
------------------------------------------------------------------------------------------
ikepsk          300        sha    aesCbc  modp2048 3600       active  

Switch:1(config)#show ike sa version v2

==========================================================================================
                      IKE V2 Phase 1 Security Association

==========================================================================================
Policy          Addr                                                       Initiator/
Name           Type Local Address              Remote Address             Responder 
------------------------------------------------------------------------------------------
v2policy        IPv4 203.0.113.6               198.51.100.20              Responder 


==========================================================================================
                      IKE V2 Phase 1 Security Association

==========================================================================================
                DPD        Hash   Encrypt Integrity  DH         Lifetime           
Name            Timeout    Algo   Algo    Algo        Group     seconds    Status  
------------------------------------------------------------------------------------------
v2policy        300        sha256 aesCbc             modp2048   86400      active  
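
The output above can be checked against a crypto baseline automatically. The following is an added example, not code from the vendor or the original page: it parses both tables of each version and reports SAs outside a baseline. The names parse_sas and audit and the BASELINE and MAX_LIFETIME values are assumptions to replace with your own policy.

```python
import re

# Constructed input: data rows as in the example output above, headers trimmed.
SAMPLE = """\
 IKE V1 Phase 1 Security Association
----------
ikepsk          IPv4 192.0.2.5                 198.51.100.15              Initiator
 IKE V1 Phase 1 Security Association
----------
ikepsk          300        sha    aesCbc  modp2048 3600       active
 IKE V2 Phase 1 Security Association
----------
v2policy        IPv4 203.0.113.6               198.51.100.20              Responder
 IKE V2 Phase 1 Security Association
----------
v2policy        300        sha256 aesCbc             modp2048   86400      active
"""

# Assumed local baseline for illustration, not vendor guidance.
BASELINE = {"hash": {"sha256"}, "dh": {"modp2048"}, "status": {"active"}}
MAX_LIFETIME = 86400  # seconds

def parse_sas(text):
    """Merge the address and algorithm tables into one dict per (version, name)."""
    sas, version, in_rows = {}, None, False
    for line in text.splitlines():
        fields = line.split()
        if m := re.search(r"IKE V(\d) Phase 1", line):
            version, in_rows = "v" + m.group(1), False
        elif line.startswith("-----") or not fields:
            in_rows = bool(fields)  # dashed rule opens a row block, blank line closes it
        elif in_rows and len(fields) >= 5:
            sa = sas.setdefault((version, fields[0]), {})
            if fields[1] in ("IPv4", "IPv6"):  # address table row
                sa.update(local=fields[2], remote=fields[3], role=fields[4])
            else:  # algorithm row; index from the right, Integrity may print blank
                sa.update(hash=fields[2], encrypt=fields[3], dh=fields[-3],
                          lifetime=int(fields[-2]), status=fields[-1])
    return sas

def audit(sas):
    """Return (version, name, remote, reason) for each SA outside BASELINE."""
    out = []
    for (ver, name), sa in sorted(sas.items()):
        bad = [f"{k}={sa.get(k)}" for k, ok in BASELINE.items() if sa.get(k) not in ok]
        if sa.get("lifetime", 0) > MAX_LIFETIME:
            bad.append(f"lifetime={sa['lifetime']}")
        out += [(ver, name, sa.get("remote"), b) for b in bad]
    return out
```

Calling audit(parse_sas(text)) on captured show ike sa output returns one tuple per deviation; with the sample rows only the v1 SA is reported, for its sha hash.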

Variable Definition

The following table defines parameters for the show ike sa command.

Variable
    Value

sa
    Specifies the IKE security association identifier.

version v1 WORD<1-32> laddr WORD<1-256> raddr WORD<1-256>
    Specifies the local IPv4 or IPv6 address for IKE Phase 1, version 1 SA.

version v2 WORD<1-32> laddr WORD<1-256> raddr WORD<1-256>
    Specifies the local IPv4 or IPv6 address for IKE Phase 1, version 2 SA.