Filter
Top Products
4-10
Integrated Services Adapter and Integrated Services Module Installation and Configuration
OL-3575-01 B0
Chapter 4 Configuring the ISA and ISM
Verifying Configuration
To clear (and reinitialize) IPSec security associations, use one of the following commands in global
configuration mode:
To view information about your IPSec configuration, use one or more of the following commands in
EXEC mode:
The following is sample output for the show crypto ipsec transform-set command. This command
shows the type of transform set configured on the router.
Router# show crypto ipsec transform-set
Transform set combined-des-md5: {esp-des esp-md5-hmac}
will negotiate = {Tunnel,},
Transform set t1: {esp-des esp-md5-hmac}
will negotiate = {Tunnel,},
Transform set t100: {ah-sha-hmac}
will negotiate = {Transport,},
Transform set t2: {ah-sha-hmac}
will negotiate = {Tunnel,},
{esp-des}
will negotiate = {Tunnel,},
The following is sample output for the show crypto map command. Peer 172.21.114.67 is the IP address
of the remote IPSec peer. Extended IP access list 141 lists the access list associated with the crypto map.
Current peer indicates the current IPSec peer. Security-association lifetime indicates the lifetime of the
security association. PFS N indicates that IPSec does not negotiate perfect forward secrecy when
establishing new security associations for this crypto map. Transform sets indicates the name of the
transform set that can be used with the crypto map.
Router# show crypto map
Crypto Map: “router-alice” idb: Ethernet0 local address: 172.21.114.123
Crypto Map “router-alice” 10 ipsec-isakmp
Command Purpose
clear crypto sa
or
clear crypto sa peer {ip-address | peer-name}
or
clear crypto sa map map-name
or
clear crypto sa spi destination-address
protocol spi
Clear IPSec security associations (SAs).
Using the clear crypto sa command without
parameters clears out the full SA database,
which clears out active security sessions. You
may also specify the peer, map, or spi keywords
to clear out only a subset of the SA database.
Command Purpose
show crypto ipsec transform-set View your transform set configuration.
show crypto map [interface interface | tag
map-name]
View your crypto map configuration.
show crypto ipsec sa [map map-name | address
| identity | detail | interface]
View information about IPSec security
associations.
show crypto dynamic-map [tag map-name] View information about dynamic crypto maps.
show crypto ipsec
security-association-lifetime
View global security association lifetime values.