
Router#sh crypto session
Crypto session current status

Interface: FastEthernet0/1
Session status: UP-ACTIVE
Peer: 10.10.10.2 port 500
  IKE SA: local 10.10.10.1/500 remote 10.10.10.2/500 Active
  IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Router#
Router#
Router#
Router#
Router#
Router#
Router#sh crypto session ?
  detail   detailed output
  fvrf     Front-door VRF
  groups   show all connected groups usage
  ivrf     Inside VRF
  local    Show crypto sessions for a local crypto endpoint
  remote   Show crypto sessions for a remote IKE peer
  summary  show groups and their members
  |        Output modifiers
  <cr>

Router#sh crypto session
Crypto session current status

Interface: FastEthernet0/1
Session status: UP-ACTIVE
Peer: 10.10.10.2 port 500
  IKE SA: local 10.10.10.1/500 remote 10.10.10.2/500 Active
  IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Router#summ
Router#summ
Translating "summ"...domain server (255.255.255.255)
% Name lookup aborted
Router#sh cry
Router#sh crypto sss
Router#sh crypto sess
Router#sh crypto session summ
Router#sh crypto session summary

Router#
Router#
Router#sh crypto session
Crypto session current status

Interface: FastEthernet0/1
Session status: UP-ACTIVE
Peer: 10.10.10.2 port 500
  IKE SA: local 10.10.10.1/500 remote 10.10.10.2/500 Active
  IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Router#

Router#
Router#
Router#sh cry
Router#sh crypto ?
  ca               Show certification authority policy
  call             Show crypto call admission info
  debug-condition  Debug Condition filters
  dynamic-map      Crypto map templates
  eli              Encryption Layer Interface
  engine           Show crypto engine info
  identity         Show crypto identity list
  ipsec            Show IPSEC policy
  isakmp           Show ISAKMP
  key              Show long term public keys
  map              Crypto maps
  mib              Show Crypto-related MIB Parameters
  optional         Optional Encryption Status
  pki              Show PKI
  session          Show crypto sessions (tunnels)
  sockets          Secure Socket Information

Router#sh crypto is
Router#sh crypto isakmp ?
  key      Show ISAKMP preshared keys
  peers    Show ISAKMP peer structures
  policy   Show ISAKMP protection suite policy
  profile  Show ISAKMP profiles
  sa       Show ISAKMP Security Associations

Router#sh crypto isakmp sa
dst             src             state          conn-id slot status
10.10.10.2      10.10.10.1      QM_IDLE              1    0 ACTIVE

Router#sh crypto isakmp pee
Router#sh crypto isakmp peers
Router#sh cry
Router#sh crypto ipse
Router#sh crypto ipsec ?
  client                Show Client Status
  policy                Show IPSEC client policies
  profile               Show ipsec profile information
  sa                    IPSEC SA table
  security-association  Show parameters for IPSec security associations
  transform-set         Crypto transform sets

Router#sh crypto ipsec tra
Router#sh crypto ipsec transform-set
Transform set test: { esp-aes esp-sha-hmac }
   will negotiate = { Tunnel, },

Router#sh crypto ipsec sa

interface: FastEthernet0/1
    Crypto map tag: vpn, local addr 10.10.10.1

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
   current_peer 10.10.10.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 9, #pkts encrypt: 9, #pkts digest: 9
    #pkts decaps: 9, #pkts decrypt: 9, #pkts verify: 9
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 1, #recv errors 0

     local crypto endpt.: 10.10.10.1, remote crypto endpt.: 10.10.10.2
     path mtu 1500, ip mtu 1500
     current outbound spi: 0x6521A960(1696704864)

     inbound esp sas:
      spi: 0xFD18E3D9(4246266841)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3001, flow_id: FPGA:1, crypto map: vpn
        sa timing: remaining key lifetime (k/sec): (4493278/3526)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x6521A960(1696704864)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3002, flow_id: FPGA:2, crypto map: vpn
        sa timing: remaining key lifetime (k/sec): (4493278/3524)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

Router#ping 192.168.2.1 source 192.168.1.1 rep
Router#ping 192.168.2.1 source 192.168.1.1 repeat 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/4 ms

Router#ping 192.168.2.1 source 192.168.1.1 repeat 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/4 ms

Router#ping 192.168.2.1 source 192.168.1.1 repeat 500

Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!
Success rate is 100 percent (500/500), round-trip min/avg/max = 1/2/20 ms

Router#
Router#
Router#
Router#
Router#sh cry
Router#sh crypto ?
  ca               Show certification authority policy
  call             Show crypto call admission info
  debug-condition  Debug Condition filters
  dynamic-map      Crypto map templates
  eli              Encryption Layer Interface
  engine           Show crypto engine info
  identity         Show crypto identity list
  ipsec            Show IPSEC policy
  isakmp           Show ISAKMP
  key              Show long term public keys
  map              Crypto maps
  mib              Show Crypto-related MIB Parameters
  optional         Optional Encryption Status
  pki              Show PKI
  session          Show crypto sessions (tunnels)
  sockets          Secure Socket Information

Router#sh crypto map
Router#sh crypto map ?
  interface  Crypto maps for an interface.
  tag        Crypto maps with a given tag.
  |          Output modifiers
  <cr>

Router#sh crypto map
Crypto Map "vpn" 10 ipsec-isakmp
        Peer = 10.10.10.2
        Extended IP access list 101
            access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
        Current peer: 10.10.10.2
        Security association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): N
        Transform sets={ test, }
        Interfaces using crypto map vpn:
                FastEthernet0/1

Router#sh crypto engine bri
Router#sh crypto engine brief
        crypto engine name:  Virtual Private Network (VPN) Module
        crypto engine type:  hardware
                     State:  Enabled
                  Location:  onboard 0
                HW Version:  1.0
               Compression:  Yes
                       DES:  Yes
                     3 DES:  Yes
                   AES CBC:  Yes (128,192,256)
                  AES CNTR:  No
     Maximum buffer length:  4096
          Maximum DH index:  0150
          Maximum SA index:  0150
        Maximum Flow index:  0300
      Maximum RSA key size:  0000

        crypto engine name:  Cisco VPN Software Implementation
        crypto engine type:  software
             serial number:  A9857559
       crypto engine state:  installed
     crypto engine in slot:  N/A
