IPSec Configuration Example 577
Displaying and Debugging the crypto card
Use the debugging, reset and display command in all views.
Tabl e 655 Display and Debug NDEC Card
IPSec ConfigurationExample The following sections demonstrate the following IPSec configurations:
■Creating an SA Manually
■Creating an SA in IKE Negotiation Mode
■Encrypting, Decrypting, and Authenticating NDEC Cards
Creating an SA Manually Establish a security tunnel between Router-A and Router-B to perform security
protection for the data streams between PC-A represented subnet (10.1.1.x) and
PC-B represented subnet (10.1.2.x). The security protocol adopts ESP protocol,
algorithm adopts DES, and authentication algorithm adopts sha1-hmac-96.
Operation Command
Display the detailed information of crypto
cards (applicable to crypto cards) display encrypt-card details [
slot-id ]
Display all established Security Association
on crypto card (applicable to crypto card) display encrypt-card ipsec sa all [
slot-id ]
Display a specified Security Association on
crypto card (applicable to crypto card) display encrypt-card ipsec sa
parameters remote-address protocol
spi-number
Display statistical information of the
security packets processing on crypto card
(applicable to crypto card)
display encrypt-card statistic [
slot-id ]
Display current operating status of crypto
card (applicable to crypto card) display encrypt-card status [ slot-id
]
Display current operating logging of
crypto card (applicable to crypto card) display encrypt-card syslog [ slot-id
]
Display version number of crypto card
(applicable to crypto card) display encrypt-card version [
slot-id ]
Delete all established Security Association
(applicable to crypto card) reset encrypt-card sa all [ slot-id ]
Delete the specified Security Association
on crypto card (applicable to crypto card) reset encrypt-card sa parameters
remote-address protocol spi-number
Clear the statistical information of security
packets on crypto card (applicable to
crypto card)
reset encrypt-card statistic [
slot-id ]
Clear all the logging information on the
crypto card (applicable to crypto cards) reset encrypt-card syslog [ slot-id ]
Enable the debugging of information,
packets, SA, command, error and other
information (applicable to crypto cards)
debugging encrypt-card { all | packet
| sa | command | error | misc } [
slot-id ]
Enable the debugging of the main
software on the crypto card (applicable to
crypto cards)
debugging encrypt-card host { all |
packet | sa | command | error | misc
}