Chapter 4 Configuring the VSA
Configuration Tasks
To view information about your IPSec configuration, use one or more of the following commands in EXEC mode:
Command |
| Purpose |
|
|
|
Router# show crypto | ipsec | Displays your transform set configuration. |
|
|
|
Router# show crypto | map [interface interface | Displays your crypto map configuration. |
tag |
|
|
|
|
|
Router# show crypto | ipsec sa [map | Displays information about IPSec security associations. |
address identity] | [detail] |
|
|
|
|
Router# show crypto | Displays information about dynamic crypto maps. | |
|
|
|
Router# show crypto | ipsec | Displays global security association lifetime values. |
lifetime |
|
|
|
|
|
Verifying IKE and IPSec Configurations
To view information about your IPSec configurations, use the show crypto ipsec
Note If a user enters an IPSec transform that the hardware (the IPSec peer) does not support, a warning message will be displayed in the show crypto ipsec
The following sample output from the show crypto ipsec
Router# show crypto ipsec
Transform set
WARNING:encryption hardware does not support transform
To view information about your IKE configurations, use show crypto isakmp policy EXEC command.
Note If a user enters an IKE encryption method that the hardware does not support, a warning message will be displayed in the show crypto isakmp policy output.
The following sample output from the show crypto isakmp policy command displays a warning message after a user tries to configure an IKE encryption method that the hardware does not support:
Router# show crypto isakmp policy
Protection suite of priority 1
encryption algorithm: AES - Advanced Encryption Standard (256 bit keys).
WARNING:encryption hardware does not support the configured encryption method for ISAKMP policy 1
hash algorithm: | Secure Hash Standard |
authentication method: | |
#1 (768 bit) | |
lifetime: | 3600 seconds, no volume limit |
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
|
| ||
|
|
