Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

7-74

Cisco ASA Series 명령 참조 , S 명령

7장 show failover through show ipsec stats traffic 명령

show ipsec sa

#pkts decaps: 1145, #pkts decrypt: 1145, #pkts verify: 1145

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0

#pre-frag successes: 2, #pre-frag failures: 1, #fragments created: 10

#PMTUs sent: 5, #PMTUs rcvd: 2, #decapstulated frags needing reassembly: 1

#send errors: 0, #recv errors: 0

local crypto endpt.: 10.132.0.17, remote crypto endpt.: 172.20.0.21

path mtu 1500, ipsec overhead 60, media mtu 1500

current outbound spi: DC15BF68

inbound esp sas:

spi: 0x1E8246FC (511854332)

transform: esp-3des esp-md5-hmac

in use settings ={L2L, Transport, Manual key (OSPFv3),}

slot: 0, conn_id: 3, crypto-map: def

sa timing: remaining key lifetime (sec): 548

IV size: 8 bytes

replay detection support: Y

outbound esp sas:

spi: 0xDC15BF68 (3692412776)

transform: esp-3des esp-md5-hmac

in use settings ={L2L, Transport, Manual key (OSPFv3), }

slot: 0, conn_id: 3, crypto-map: def

sa timing: remaining key lifetime (sec): 548

IV size: 8 bytes

replay detection support: Y

Crypto map tag: def, local addr: 10.132.0.17

local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

ciscoasa(config)#

참고

조각화 통계는 IPsec SA 정책에 IPsec 처리 전 조각화가 발생하도록 규정된 경우 사전 조각화 통계
입니다. 사후 조각화 통계는 SA 정책에 IPsec 처리 후 조각화가 발생하도록 규정된 경우에 표시됩
니다.

글로벌 컨피그레이션 모드에서 입력된 다음 예에서는 def라는 암호화 맵에 대한 IPsec SA를 표시
합니다.

ciscoasa(config)# show ipsec sa map def

cryptomap: def

Crypto map tag: def, local addr: 172.20.0.17

local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

remote ident (addr/mask/prot/port): (10.132.0.21/255.255.255.255/0/0)

current_peer: 10.132.0.21

dynamic allocated peer ip: 90.135.1.5

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

#pkts decaps: 1146, #pkts decrypt: 1146, #pkts verify: 1146