Cisco Systems SM-ISM, SA-ISA manual Router# show crypto ipsec sa interface Ethernet0

Page 47

Chapter 4 Configuring the ISA and ISM

Verifying Configuration

Peer = 172.21.114.67

Extended IP access list 141

access-list 141 permit ip

source: addr = 172.21.114.123/0.0.0.0

dest: addr = 172.21.114.67/0.0.0.0 Current peer: 172.21.114.67

Security-association lifetime: 4608000 kilobytes/120 seconds

PFS (Y/N): N

Transform sets={t1,}

The following is sample output for the show crypto ipsec sa command:

Router# show crypto ipsec sa interface: Ethernet0

Crypto map tag: router-alice, local addr. 172.21.114.123

local ident (addr/mask/prot/port): (172.21.114.123/255.255.255.255/0/0)

remote ident (addr/mask/prot/port): (172.21.114.67/255.255.255.255/0/0)

current_peer: 172.21.114.67 PERMIT, flags={origin_is_acl,}

#pkts encaps: 10, #pkts encrypt: 10, #pkts digest 10

#pkts decaps: 10, #pkts decrypt: 10, #pkts verify 10 #send errors 10, #recv errors 0

local crypto endpt.: 172.21.114.123, remote crypto endpt.: 172.21.114.67 path mtu 1500, media mtu 1500

current outbound spi: 20890A6F inbound esp sas:

spi: 0x257A1039(628756537) transform: esp-des esp-md5-hmac, in use settings ={Tunnel,}

slot: 0, conn id: 26, crypto map: router-alice

sa timing: remaining key lifetime (k/sec): (4607999/90)

IV size: 8 bytes

replay detection support: Y inbound ah sas:

outbound esp sas:

spi: 0x20890A6F(545852015) transform: esp-des esp-md5-hmac, in use settings ={Tunnel,}

slot: 0, conn id: 27, crypto map: router-alice

sa timing: remaining key lifetime (k/sec): (4607999/90)

IV size: 8 bytes

replay detection support: Y outbound ah sas:

interface: Tunnel0

Crypto map tag: router-alice, local addr. 172.21.114.123

local ident (addr/mask/prot/port): (172.21.114.123/255.255.255.255/0/0)

remote ident (addr/mask/prot/port): (172.21.114.67/255.255.255.255/0/0)

current_peer: 172.21.114.67 PERMIT, flags={origin_is_acl,}

#pkts encaps: 10, #pkts encrypt: 10, #pkts digest 10

#pkts decaps: 10, #pkts decrypt: 10, #pkts verify 10 #send errors 10, #recv errors 0

local crypto endpt.: 172.21.114.123, remote crypto endpt.: 172.21.114.67 path mtu 1500, media mtu 1500

current outbound spi: 20890A6F inbound esp sas:

spi: 0x257A1039(628756537)

 

 

transform: esp-des esp-md5-hmac,

 

 

in use settings ={Tunnel,}

 

 

slot: 0, conn id: 26, crypto map: router-alice

 

 

sa timing: remaining key lifetime (k/sec): (4607999/90)

 

 

IV size: 8 bytes

 

 

replay detection support: Y

 

 

inbound ah sas:

 

 

Integrated Services Adapter and Integrated Services Module Installation and Configuration

 

 

 

 

 

 

 

 

 

 

 

 

OL-3575-01 B0

 

 

4-11

 

 

 

 

 

Image 47
Contents Text Part Number OL-3575-01 B0 Corporate HeadquartersCopyright 1999- 2003 Cisco Systems, Inc All rights reserved N T E N T S Configuring the ISA and ISM Objectives PrefaceAudience Installation WarningBoldface font Document OrganizationDocument Conventions Section Title DescriptionIndicates a comment line Italic screen fontVii Terms and AcronymsViii Related DocumentationCisco 7100 series routers Cisco.com Obtaining DocumentationDocumentation Feedback Documentation CD-ROMOrdering Documentation Technical Assistance Center Obtaining Technical AssistanceCisco TAC Escalation Center Obtaining Additional Publications and InformationXiv ISA and ISM Overview OverviewData Encryption Overview Feature Description FeaturesCisco 7100 Series Routers Slot Numbering Port Adapter Slot Locations on the Supported PlatformsPort adapter in slot ISM in slot Cisco 7200 Series Routers Slot NumberingLEDs LEDsLED Label Color State Function BootOL-3575-01 B0 Required Tools and Equipment Preparing for InstallationPlatform Recommended Minimum Cisco IOS Release ISA and ISA ISA with VAM Safety GuidelinesSafety Warnings Encryption mppe commandPreparing for Installation Safety Guidelines Preventing Electrostatic Discharge Damage Electrical Equipment GuidelinesOL-3575-01 B0 Handling the ISA or the ISM Removing and Installing the ISA and the ISMHandling the ISM Online Insertion and RemovalRemoving and Installing the ISA and the ISM ISA or ISM Removal and Installation Step Cisco 7100 Series-Removing and Installing the ISMGuide Cisco 7200 Series-Removing and Installing the ISAOverview Configuring the ISA and ISMEnabling Mppe Using the Exec Command InterpreterEnter controller configuration mode on Enables Mppe encryptionSpecify the encryption algorithm Configuring IKEConfig-isakmp command mode Identify the policy to create, and enterCreating Crypto Access Lists Configuring IPSecDefining a Transform Set Step Command Purpose Creating Crypto Maps Exit crypto map configuration mode Crypto map configuration modeSpecify an extended access list. This Access list determines which traffic isApply a crypto map set to an interface Verifying ConfigurationExit interface configuration mode Applying Crypto Maps to InterfacesCommand Purpose Router# show crypto ipsec sa interface Ethernet0 IPSec Example Configuring the ISA and ISM IPSec ExampleRouter B Configuration OL-3575-01 B0 D E IN-2