Patton electronic SmartNode 4110 Series ユーザーズマニュアル

VPN configuration task list

SmartWare Software Configuration Guide 

Example: Display IPsec transformation profiles

node(cfg)#show profile ipsec-transform

IPSEC transform profiles:

Name: AES_128
 ESP Encryption: AES-CBC, Key length: 128

Example: Display IPsec policy profiles

node(cfg)#show profile ipsec-policy-manual

Manually keyed IPsec policy profiles:

Name: ToBerne, Peer: 200.200.200.1, Mode: tunnel, transform-profile: AES_128
 ESP SPI Inbound: 1111, Outbound: 2222
 ESP Encryption Key Inbound: 1234567890ABCDEF1234567890ABCDEF
 ESP Encryption Key Outbound: FEDCBA0987654321FEDCBA0987654321

A debug monitor and an additional 

 command are at your disposal to debug IPsec problems.

Procedure: To debug IPsec connections

Mode: Configure

Example: IPsec Debug Output

node(cfg)#debug ipsec
IPSEC monitor on
23:11:04  ipsec > Could not find security association for inbound ESP packet. 
SPI:1201

Example: Display IPsec Security Associations

node(cfg)#show ipsec security-associations

Active security associations:

Dir Type        Policy     Mode       Udp-Encapsulation
Peer            SPI AH     SPI ESP    AH           ESP-Auth    ESP-Enc
Bytes (processed/lifetime) Seconds (age/lifetime)

Enables IPsec debug monitor

Summarizes the configuration information of all 
IPsec connections. If an IPsec connection does 
not show up, then one or more parameters are 
missing in the respective Policy Profile.
The information ‘Bytes (processed)’ supports 
debugging because it indicates whether IPsec 
packets depart from (‘OUT’) or arrive at (‘IN’) the 
SmartNode.