Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
7-80
Cisco ASA Series 명령 참조 , S 명령
7장 show failover through show ipsec stats traffic 명령
show ipsec sa
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 326, #pkts decrypt: 326, #pkts verify: 326
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#post-frag successes: 0, #post-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC
rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 35
local crypto endpt.: 75.2.1.23/4500, remote crypto endpt.: 75.2.1.60/64251
path mtu 1342, ipsec overhead 62(44), override mtu 1280, media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: D9C00FC2
current inbound spi : 4FCB6624
inbound esp sas:
spi: 0x4FCB6624 (1338730020)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, GRE, IKEv2, }
slot: 0, conn_id: 8192, crypto-map: def
sa timing: remaining key lifetime (sec): 28108
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xD9C00FC2 (3653242818)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, GRE, IKEv2, }
slot: 0, conn_id: 8192, crypto-map: def
sa timing: remaining key lifetime (sec): 28108
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
관련 명령
명령
설명
clear configure isakmp
모든 ISAKMP 컨피그레이션을 지웁니다.
clear configure isakmp
policy
모든 ISAKMP 정책 컨피그레이션을 지웁니다.
clear isakmp sa
IKE 런타임 SA 데이터베이스를 지웁니다.
isakmp enable
IPsec 피어가 ASA와 통신하는 인터페이스에서 ISAKMP 협상을 활성화
합니다.
합니다.
show running-config
isakmp
모든 활성 ISAKMP 컨피그레이션을 표시합니다.