Cisco MDS 9000 Manual page 13

Hide thumbs Also See for MDS 9000:

Command reference manual (1464 pages)

Configuration manual (344 pages)

Troubleshooting manual (161 pages)

Table Of Contents

Table of Contents

Chapter 22

Troubleshooting IPsec

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

The SA index can be used to look at the SA in the crypto-accelerator. Issue the show ipsec internal

Step 2

crypto-accelerator interface gigabitethernet slot/port sad [inbound | outbound] sa-index command

to display the inbound or outbound SA information. The hard limit bytes and soft limit bytes fields

display the lifetime in bytes. The hard limit expiry secs and the soft limit expiry secs fields display the

lifetime in seconds.

To issue commands with the internal keyword, you must have an account that is a member of the

Note

network-admin group.

The command outputs follow:

MDSA# show ipsec internal crypto-accelerator interface gigabitethernet 7/1 sad inbound 1

sw172.22.48.91# show ipsec internal crypto-accelerator interface gigabitethernet 7/1 sad

inbound 1

Inbound SA 1 :

MDSC# show ipsec internal crypto-accelerator interface gigabitethernet 1/2 sad inbound 513

Inbound SA 513 :

OL-9285-05

mode:tunnel, crypto algo:esp-3des, auth algo:esp-md5-hmac

tunnel id is:1

current outbound spi:0x38147002 (940863490), index:513

lifetimes in seconds::3600

lifetimes in bytes::483183820800

current inbound spi:0x822a202 (136487426), index:513

lifetimes in seconds::3600

lifetimes in bytes::483183820800

Mode :Tunnel, flags:0x492300000000000

IPsec mode is ESP

Encrypt algorithm is DES/3DES

Auth algorithm is MD5

Source ip address 10.10.100.232/255.255.255.255

Destination ip address 10.10.100.231/255.255.255.255

Physical port 0, mask:0x1

Misc select 0 mask:0x0

Vlan 0 mask:0xfff

Protocol 0 mask:0x0

Source port no 0 mask:0x0

Dest port no 0 mask:0x0

Hard limit 483183820800 bytes

Soft limit 401042571264 bytes

SA byte count 845208 bytes <----Elapsed traffic

SA user byte count 845208 bytes <----Elapsed traffic

Error count:auth:0, pad:0, replay:0

Packet count 7032

Hard limit expiry 1100652419 secs (since January 1, 1970), remaining 219 7 secs

Soft limit expiry 1100652386 secs (since January 1, 1970), remaining 216 4 secs

Sequence number:7033

Antireplay window:0xffffffff.0xffffffff.0xffffffff.0xffffffff

Mode :Tunnel, flags:0x492300000000000

IPsec mode is ESP

Encrypt algorithm is DES/3DES

Auth algorithm is MD5

Source ip address 10.10.100.231/255.255.255.255

Destination ip address 10.10.100.232/255.255.255.255

Physical port 1, mask:0x1

Misc select 0 mask:0x0

Vlan 0 mask:0xfff

Protocol 0 mask:0x0

Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x

IPsec Issues

22-13

Table of Contents

Cisco MDS 9000 Manual page 13

Troubleshooting

Related Manuals for Cisco MDS 9000

Related Products for Cisco MDS 9000

Table of Contents