
OnSite 2800 Series User Manual | 6 • VPN configuration |
Example: Display IPsec transformation profiles
2800(cfg)#show profile
IPSEC transform profiles:
Name: AES_128
ESP Encryption:
Example: Display IPsec policy profiles
2800(cfg)#show profile
Manually keyed IPsec policy profiles:
Name: ToBurg, Peer: 200.200.200.1, Mode: tunnel,
ESP Encryption Key Inbound: 1234567890ABCDEF1234567890ABCDEF
ESP Encryption Key Outbound: FEDCBA0987654321FEDCBA0987654321
Debugging IPsec
A debug monitor and an additional show command are at your disposal to debug IPsec problems.
Procedure: To debug IPsec connections
Mode: Configure
Step | Command | Purpose |
1 | node(cfg)#debug ipsec | Enables IPsec debug monitor |
2 (optional) | node(cfg)#show ipsec ations | Summarizes the configuration information of all IPsec connections. If an IPsec connection does not show up, then one or more parameters are missing in the respective Policy Profile. The information ‘Bytes (processed)’ supports debugging because it indicates whether IPsec packets depart from (‘OUT’) or arrive at (‘IN’) the OnSite router. |
Example: IPsec Debug Output
2800(cfg)#debug ipsec
IPSEC monitor on
23:11:04 ipsec > Could not find security association for inbound ESP packet. SPI:1201
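The following is an added example, not part of the manual or the OnSite software: a Python script that groups the "Could not find security association" messages from a captured debug session by SPI and attaches a troubleshooting hint based on the procedure above. The sample capture, the set of configured SPIs and the function name triage are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Message format copied from the debug output example on this page.
# The SPI is kept as text because the page does not state its number base.
MISSING_SA = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2}) ipsec > Could not find security association "
    r"for inbound ESP packet\. SPI:(?P<spi>[0-9A-Fa-f]+)"
)

def triage(log_lines, configured_inbound_spis):
    """Group 'no SA for inbound ESP packet' events by SPI and attach a hint."""
    seen = defaultdict(list)
    for line in log_lines:
        m = MISSING_SA.search(line)
        if m:
            seen[m.group("spi")].append(m.group("time"))
    report = []
    for spi, times in sorted(seen.items()):
        if spi in configured_inbound_spis:
            # Configured locally but no active SA: the profile is incomplete.
            hint = "SPI is configured: check the policy profile for missing parameters"
        else:
            # Unknown SPI: the peer's outbound SPI differs from the local
            # inbound SPI, or the sender has no policy on this router.
            hint = "SPI is not configured: compare SPIs with the peer or check the sender"
        report.append({"spi": spi, "count": len(times),
                       "first": times[0], "last": times[-1], "hint": hint})
    return report

# Constructed sample capture; only the first event line appears on this page.
SAMPLE_LOG = [
    "2800(cfg)#debug ipsec",
    "IPSEC monitor on",
    "23:11:04 ipsec > Could not find security association for inbound ESP packet. SPI:1201",
    "23:11:05 ipsec > Could not find security association for inbound ESP packet. SPI:1201",
    "23:11:09 ipsec > Could not find security association for inbound ESP packet. SPI:2222",
]
# Hypothetical inbound SPIs taken from the local policy profiles.
SAMPLE_CONFIGURED = {"2222"}

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, SAMPLE_CONFIGURED):
        print(f"SPI {row['spi']}: {row['count']} event(s), "
              f"{row['first']} to {row['last']}. {row['hint']}")
```
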
Example: Display IPsec Security Associations
2800(cfg)#show ipsec
Active security associations:
Dir Type Policy Mode
Peer SPI AH SPI ESP AH
Bytes (processed/lifetime) Seconds (age/lifetime)
VPN configuration task list | 74 |