Displaying Ipsec Configurations - Cisco MDS 9000 Series Configuration Manual

Displaying IPsec Configurations

Displaying IPsec Configurations
You can verify the IPsec information by using the show set of commands. See the following examples.
Displays Information for the Specified ACL
switch# show ip access-list acl10
ip access-list acl10 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 (0 matches)
In the above example, the display output match is only displayed of an interface (not the crypto map)
meets this criteria.
Displays the Transform Set Configuration
switch# show crypto transform-set domain ipsec
Transform set: 1/1 {esp-3des esp-sha256-hmac}
Transform set: ipsec_default_transform_set {esp-aes 128 esp-sha1-hmac}
Displays All Configured Crypto Maps
switch# show crypto map domain ipsec
Crypto Map "cm10" 1 ipsec
Crypto Map "cm100" 1 ipsec
Displays the Crypto Map Information for a Specific Interface
switch# show crypto map domain ipsec interface gigabitethernet 4/1
Crypto Map "cm10" 1 ipsec
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
200
will negotiate {tunnel}
will negotiate {tunnel}
Peer = Auto Peer
IP ACL = acl10
permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
Transform-sets: 3des-md5, des-md5,
Security Association Lifetime: 4500 megabytes/3600 seconds
PFS (Y/N): N
Interface using crypto map set cm10:
GigabitEthernet4/1
Peer = Auto Peer
IP ACL = acl100
permit ip 10.10.100.0 255.255.255.0 10.10.100.0 255.255.255.0
Transform-sets: 3des-md5, des-md5,
Security Association Lifetime: 4500 megabytes/3600 seconds
PFS (Y/N): N
Interface using crypto map set cm100:
GigabitEthernet4/2
Peer = Auto Peer
IP ACL = acl10
permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
Transform-sets: 3des-md5, des-md5,
Security Association Lifetime: 4500 megabytes/3600 seconds
PFS (Y/N): N
Interface using crypto map set cm10:
GigabitEthernet4/1
Configuring IPSec Network Security