Chapter 4 Configuring the VSA
Configuration Tasks
Verifying the Configuration
Some configuration changes take effect only after subsequent security associations are negotiated. For the new settings to take effect immediately, clear the existing security associations.
To clear (and reinitialize) IPSec security associations, use one of the commands in Table
Table
Command | Purpose
clear crypto sa | Clear IPSec security associations (SAs). Using the clear crypto sa command without parameters clears out the full SA database, which clears out active security sessions. You may also specify the peer, map, or spi keywords to clear out only a subset of the SA database.
or clear crypto sa peer |
or clear crypto sa map |
or clear crypto sa spi protocol spi |
The following steps provide information on verifying your configurations:
Step 1 Enter the show crypto ipsec
Router# show crypto ipsec
Transform set
Transform set t1:
Transform set t100:
Transform set t2:
will negotiate = {Tunnel,},
Step 2 Enter the show crypto map [interface interface tag
Router# show crypto map
Crypto Map:
Crypto Map
Peer = 172.21.114.67
Extended IP access list 141
source: addr = 172.21.114.123/0.0.0.0
dest: addr = 172.21.114.67/0.0.0.0 Current peer: 172.21.114.67
PFS (Y/N): N Transform sets={t1,}
Step 3 Enter the show crypto ipsec sa [map
view information about IPSec security associations:
Router# show crypto ipsec sa
interface: Ethernet0
Crypto map tag:
local ident (addr/mask/prot/port): (172.21.114.123/255.255.255.255/0/0)
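The Step 2 output lends itself to a scripted check when many crypto map entries must be reviewed. The following is an added example, not part of the original guide: it parses text in the `show crypto map` layout shown above and lists entries where PFS is not enabled or where a peer, access list, or transform set is missing. It assumes each entry begins with a header of the form `Crypto Map "name" sequence-number`; the map name, sequence numbers, and the second entry are constructed sample values.

```python
import re

# Constructed sample (map name, sequence numbers and entry 20 are made up).
SAMPLE = '''\
Crypto Map "example-map" 10 ipsec-isakmp
        Peer = 172.21.114.67
        Extended IP access list 141
        Current peer: 172.21.114.67
        PFS (Y/N): N
        Transform sets={t1,}
Crypto Map "example-map" 20 ipsec-isakmp
        Peer = 172.21.114.68
        Current peer: 172.21.114.68
        PFS (Y/N): Y Transform sets={t2,t100,}
'''

ENTRY = re.compile(r'^Crypto Map "(?P<name>[^"]+)" (?P<seq>\d+)', re.M)
FIELDS = {
    "peer": r"Peer = (\S+)",
    "acl": r"Extended IP access list (\S+)",
    "pfs": r"PFS \(Y/N\): ([YN])",
    "transforms": r"Transform sets=\{([^}]*)\}",
}

def parse_crypto_maps(text):
    """Split the output into crypto map entries and pull out their fields."""
    heads = list(ENTRY.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entry = {"name": head["name"], "seq": int(head["seq"])}
        for key, pattern in FIELDS.items():
            m = re.search(pattern, text[head.end():end])
            entry[key] = m.group(1) if m else None
        sets = (entry["transforms"] or "").split(",")
        entry["transforms"] = [s.strip() for s in sets if s.strip()]
        entries.append(entry)
    return entries

def audit(entries):
    """Return (seq, finding) pairs: PFS off, or a required field missing."""
    findings = []
    for e in entries:
        if e["pfs"] != "Y":
            findings.append((e["seq"], "PFS not enabled"))
        missing = [k for k in ("peer", "acl", "transforms") if not e[k]]
        if missing:
            findings.append((e["seq"], "missing: " + ", ".join(missing)))
    return findings
```

Calling `audit(parse_crypto_maps(SAMPLE))` reports entry 10 for PFS and entry 20 for its missing access list. The field patterns tolerate `PFS` and `Transform sets` appearing on the same line or on separate lines.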
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide