Chapter 4 Configuring the ISA and ISM
Verifying Configuration
To clear (and reinitialize) IPSec security associations, use one of the following commands in global configuration mode:
| Command | Purpose |
|---|---|
| clear crypto sa | Clear IPSec security associations (SAs). Using the clear crypto sa command without parameters clears out the full SA database, which clears out active security sessions. You may also specify the peer, map, or spi keywords to clear out only a subset of the SA database. |
| or clear crypto sa peer | |
| or clear crypto sa map | |
| or clear crypto sa spi protocol spi | |
To view information about your IPSec configuration, use one or more of the following commands in EXEC mode:
| Command | Purpose |
|---|---|
| show crypto ipsec | View your transform set configuration. |
| show crypto map [interface interface tag | View your crypto map configuration. |
| show crypto ipsec sa [map identity detail interface] | View information about IPSec security associations. |
| show crypto | View information about dynamic crypto maps. |
| show crypto ipsec | View global security association lifetime values. |
The following is sample output for the show crypto ipsec
Router# show crypto ipsec transform-set
Transform set
   will negotiate = {Tunnel,},
Transform set t1:
   will negotiate = {Tunnel,},
Transform set t100:
   will negotiate = {Transport,},
Transform set t2:
   will negotiate = {Tunnel,},

   will negotiate = {Tunnel,},
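As an added example (not from the Cisco guide), the Python below parses show crypto ipsec transform-set output and reports transform sets whose negotiated mode differs from an expected baseline. The set names and modes follow the sample output above; the transform lists inside braces and the baseline are constructed assumptions, since this copy of the output lost those fields.

```python
import re

# Constructed sample: names and modes follow the page's sample output; the
# transform lists in braces are assumed, since the page's copy lost them.
SAMPLE = """\
Router# show crypto ipsec transform-set
Transform set t1: { esp-des esp-md5-hmac }
   will negotiate = { Tunnel, },
Transform set t100: { ah-sha-hmac }
   will negotiate = { Transport, },
Transform set t2: { ah-sha-hmac }
   will negotiate = { Tunnel, },
   { esp-des }
   will negotiate = { Tunnel, },
"""

HEADER = re.compile(r"^Transform set (\S+?):\s*\{([^}]*)\}")
EXTRA = re.compile(r"^\s+\{([^}]*)\}\s*$")   # second transform group of the same set
MODES = re.compile(r"^\s*will negotiate\s*=\s*\{([^}]*)\}")

def parse_transform_sets(text):
    """Return {name: [{"transforms": [...], "modes": [...]}, ...]}."""
    sets, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = sets.setdefault(m.group(1), [])
            current.append({"transforms": m.group(2).split(), "modes": []})
        elif current is not None and (m := EXTRA.match(line)):
            current.append({"transforms": m.group(1).split(), "modes": []})
        elif current and (m := MODES.match(line)):
            current[-1]["modes"] = [x.strip() for x in m.group(1).split(",") if x.strip()]
    return sets

def mode_drift(sets, expected):
    """List (name, expected_mode, seen_modes) for sets that are missing or differ."""
    drift = []
    for name, want in expected.items():
        seen = sorted({m for part in sets.get(name, []) for m in part["modes"]})
        if seen != [want]:
            drift.append((name, want, seen))
    return drift

if __name__ == "__main__":
    parsed = parse_transform_sets(SAMPLE)
    # Hypothetical baseline: the mode each set is supposed to negotiate.
    print(mode_drift(parsed, {"t1": "Tunnel", "t100": "Tunnel", "t2": "Tunnel"}))
```
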
The following is sample output for the show crypto map command. Peer 172.21.114.67 is the IP address of the remote IPSec peer. Extended IP access list 141 lists the access list associated with the crypto map. Current peer indicates the current IPSec peer.
Router# show crypto map
Crypto Map:
Crypto Map
Integrated Services Adapter and Integrated Services Module Installation and Configuration