1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Network Hardware
  5. SA-VAM - VPN Acceleration Module
  6. Installation and configuration manual

Monitoring And Maintaining Ipsec; Ipsec Configuration Example - Cisco SA-VAM - VPN Acceleration Module Installation And Configuration Manual

Vpn acceleration module 2+ (vam2+) installation and configuration guide
Hide thumbs
Table of Contents

Advertisement

Chapter 4
Configuring the SA-VAM2+

Monitoring and Maintaining IPSec

To clear (and reinitialize) IPSec security associations, use one of the following commands in global
configuration mode:
Command
Router(config)# clear crypto sa
or
Router(config)# clear crypto sa counters
or
Router(config)# clear crypto sa peer {ip-address
| peer-name}
or
Router(config)# clear crypto sa map map-name
or
Router(config)# clear crypto sa entry
destination-address protocol spi
To view information about your IPSec configuration, use one or more of the following commands in
EXEC mode:
Command
Router# show crypto ipsec transform-set
Router# show crypto map [interface interface |
tag map-name]
Router# show crypto ipsec sa [map map-name |
address | identity] [detail]
Router# show crypto dynamic-map [tag map-name]
Router# show crypto ipsec security-association
lifetime

IPSec Configuration Example

The following example shows a minimal IPSec configuration where the security associations will be
established via IKE. For more information about IKE, see the "Configuring Internet Key Exchange
Security Protocol" chapter.
An IPSec access list defines which traffic to protect:
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.2.2.0 0.0.0.255
A transform set defines how the traffic will be protected. In this example, transform set "myset1" uses
DES encryption and SHA for data packet authentication:
crypto ipsec transform-set myset1 esp-des esp-sha
OL-5979-03
Purpose
Clears IPSec security associations.
Using the clear crypto sa command without parameters
Note
will clear out the full SA database, which will clear out
active security sessions. You may also specify the peer,
map, or entry keywords to clear out only a subset of the
SA database. For more information, see the clear crypto
sa command.
Purpose
Displays your transform set configuration.
Displays your crypto map configuration.
Displays information about IPSec security associations.
Displays information about dynamic crypto maps.
Displays global security association lifetime values.
VPN Acceleration Module 2+ (VAM2+) Installation and Configuration Guide
Configuration Tasks
4-17

Advertisement

Table of Contents
loading

Related Manuals for Cisco SA-VAM - VPN Acceleration Module

Related Content for Cisco SA-VAM - VPN Acceleration Module

This manual is also suitable for:

Sa-vam2+

Table of Contents