Table Of Contents; Common Troubleshooting Commands In The Cli; Ipsec Issues - Cisco MDS 9000 Manual
Hide thumbs
Also See for MDS 9000:
- Command reference manual (1464 pages) ,
- Configuration manual (344 pages) ,
- Troubleshooting manual (161 pages)
Table of Contents
Advertisement
Chapter 22
Troubleshooting IPsec
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Common Troubleshooting Commands in the CLI
Use the following commands to troubleshoot IPsec issues:
•
•
•
•
Use the following internal commands to gather more information for IPsec issues:
•
•
•
Use the following commands to gather information from the hardware accelerator:
•
•
IPsec Issues
This section provides the procedures required to troubleshoot IKE and IPsec issues in an FCIP
configuration.
data between switches MDS A and MDS C.
Figure 22-1
MDS C
This section includes the following topics:
•
•
•
•
•
•
•
OL-9285-05
show crypto transform-set domain ipsec
show crypto global domain ipsec
show crypto global domain ipsec security-association lifetime
show crypto sad domain ipsec
show ipsec internal error-Displays a log of error history.
show ipsec internal mem-stats detail-Displays memory usage.
show ipsec internal event-history msgs -Displays a log of message history.
show ipsec internal crypto-accelerator interface gigabit 2/1 sad inbound/outbound sa-index-
Displays detailed information of an SA from the hardware accelerator.
show ipsec internal crypto-accelerator interface gigabit 2/1 stats-Displays detailed information
per interface from the hardware accelerator.
Figure 22-1
shows a simple FCIP configuration where FCIP Tunnel 2 carries encrypted
Simple FCIP Configuration
Tunnel 2
10.10.100.232
Verifying IKE Configuration Compatibility, page 22-6
Verifying Interface Status Using the CLI, page 22-9
Verifying Security Associations, page 22-12
10.10.100.231
FCIP
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
MDS A
IPsec Issues
22-5
Advertisement
Table of Contents
Troubleshooting
