Cisco Cisco Packet Data Gateway (PDG)
show crypto
▀ show crypto ipsec security-associations statistics
▄ Statistics and Counters Reference, StarOS Release 18
3452
show crypto ipsec security-associations statistics
Table 285.
show crypto ipsec security-associations statistics
Command Output Descriptions
Field
Description
Map Name
The name of the crypto map for which statistics are being displayed.
Application Map Name
The application map name that concatenates the following:
Application Supported: MIP or L2TP
Local Address: The IP address of the interface on the system facilitating the security
association (SA).
association (SA).
Peer Address: The IP address of the peer security gateway facilitating the SA.
Traffic Type: Control, GRE encapsulated data, or IPIP (IP-in-IP) encapsulated data
NOTE: When a crypto map does not have any IPSec SAs established yet, i.e. No IKE negotiation has
taken place OR the tunnel had been brought down after inactivity during the entire lifetime of the SAs,
is marked as “Security Association is not established!”
taken place OR the tunnel had been brought down after inactivity during the entire lifetime of the SAs,
is marked as “Security Association is not established!”
local addr
The IP address of the interface on the system facilitating the security association (SA).
ACL
For ISAKMP or manual crypto maps, this is the name of the access control list (ACL) that is matched
to the crypto map.
to the crypto map.
current peer
The IP address of the peer security gateway facilitating the SA.
Tunnel is keyed 1 times. The number of times the tunnel was keyed. In this example, the tunnel was keyed once.
Encoded
The number of packets and bytes that have been encoded for the SA.
Encode Errors
The number of errors that have occurred while encoding packets.
Decoded
The number of packets and bytes that have been decoded for the SA.
Decode Errors
The number of errors that have occurred while decoding packets.
Authentication Errors
The number of errors that occurred during the system/security gateway authentication process.
Replay Errors
The number of replay errors that occurred for the SA.
outbound esp sas
spi
The outbound (from the system to the security gateway) security parameter index (SPI) used for the
Encapsulating Security Payload protocol.
Encapsulating Security Payload protocol.
transform
The protocols configured for the transform set used by the crypto map for outbound tunnels.
negotiated soft lifetime
(kb/sec)
(kb/sec)
The soft lifetime negotiated by the system and the security gateway for outbound SAs. The lifetime is
measured in terms kilobytes (kb) and/or seconds (sec).
The soft lifetime is used to warn that the SA is about to expire allowing the systems to negotiate a new
lifetime prior to the expiration of the hard lifetime.
measured in terms kilobytes (kb) and/or seconds (sec).
The soft lifetime is used to warn that the SA is about to expire allowing the systems to negotiate a new
lifetime prior to the expiration of the hard lifetime.
remaining soft lifetime
(kb/sec)
(kb/sec)
The amount of kilobytes and/or seconds remaining to the soft lifetime from what was initially
negotiated.
negotiated.