Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
7-73
Cisco ASA Series 명령 참조, S 명령
7장 show failover through show ipsec stats traffic 명령
show ipsec sa
예
글로벌 컨피그레이션 모드에서 입력한 다음 예는 할당된 IPv6 주소와 전송 모드 및 GRE 캡슐화 표
시를 포함하여 IPsec SA를 표시합니다.
시를 포함하여 IPsec SA를 표시합니다.
ciscoasa(config)# sho ipsec sa
interface: outside
Crypto map tag: def, seq num: 1, local addr: 75.2.1.23
local ident (addr/mask/prot/port): (75.2.1.23/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (75.2.1.60/255.255.255.255/47/0)
current_peer: 75.2.1.60, username: rashmi
dynamic allocated peer ip: 65.2.1.100
dynamic allocated peer ip(ipv6): 2001:1000::10
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 18, #pkts decrypt: 18, #pkts verify: 18
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#post-frag successes: 0, #post-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 4
local crypto endpt.: 75.2.1.23/4500, remote crypto endpt.: 75.2.1.60/64251
path mtu 1342, ipsec overhead 62(44), override mtu 1280, media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: D9C00FC2
current inbound spi : 4FCB6624
inbound esp sas:
spi: 0x4FCB6624 (1338730020)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, GRE, IKEv2, }
slot: 0, conn_id: 8192, crypto-map: def
sa timing: remaining key lifetime (sec): 28387
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x0003FFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xD9C00FC2 (3653242818)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, GRE, IKEv2, }
slot: 0, conn_id: 8192, crypto-map: def
sa timing: remaining key lifetime (sec): 28387
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
전역 설정 모드에서 입력한 다음 예는 터널을 OSPFv3으로 식별하는 데 사용 중인 설정을 포함하
여 IPsec SA를 표시합니다.
여 IPsec SA를 표시합니다.
ciscoasa(config)# show ipsec sa
interface: outside2
Crypto map tag: def, local addr: 10.132.0.17
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.20.0.21/255.255.255.255/0/0)
current_peer: 172.20.0.21
dynamic allocated peer ip: 10.135.1.5
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0