Cisco Cisco IOS Software Releases 12.2 MC White Paper

IPSec Stateful Failover (VPN High Availability)

Show Configuration Tasks and Examples

Cisco IOS Release 12.2(11)YX, 12.2(11)YX1, 12.2(14)SU, 12.2(14)SU1, and 12.2(14)SU2

access-list 100 remark IPSec Rule

access-list 100 permit ip any 192.168.4.0 0.0.0.255

end

Show Configuration Tasks and Examples

This section provides the following configuration tasks and examples:

•

Verifying IKE Configurations, page 24

•

Verifying IPSec Configurations, page 25

•

Verifying IPSec High Availability, page 27

•

Monitoring and Maintaining IPSec Stateful Failover (VPN High Availability), page 30

Verifying IKE Configurations

To view information about your IKE configurations, use show crypto isakmp policy EXEC command.
The following is sample output from that command:

Router# show crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key cisco address 192.168.3.1

Note

If a user enters an IKE encryption method that the hardware does not support, a warning message will
be displayed in the show crypto isakmp policy output.

The following sample output from the show crypto isakmp policy command displays a warning
message after a user tries to configure an IKE encryption method that the hardware does not support:

Protection suite of priority 1

encryption algorithm: AES - Advanced Encryption Standard (256 bit keys).

WARNING:encryption hardware does not support the configured

encryption method for ISAKMP policy 1

hash algorithm: Secure Hash Standard

authentication method: Pre-Shared Key

Diffie-Hellman group: #1 (768 bit)

lifetime: 3600 seconds, no volume limit