From: Price, Jamie (jprice@xxxxxxxxxxx)
Date: Sat Aug 12 2000 - 21:16:50 GMT-3
Title: RE: encryption
If you do:
show crypto engine connection active
it will show you the number of encrypted/decrypted packets that have
passed through the router. Compare this to a ping or something.
Remember that it will take a couple of packets to exchange keys, so
they won't be encrypted, but every one after that will be if it is set
up right.
You should get something like this - this was with 105 ICMP packets -
note only 103 were encrypted:
ID Interface   IP-Address State Algorithm          Encrypt Decrypt
37 no idb      no address set   DES_56_CBC               0       0
38 Ethernet0/0 10.1.1.1   set   HMAC_SHA                 0     103
39 Ethernet0/0 10.1.1.1   set   HMAC_SHA               103       0
40 Ethernet0/0 10.1.1.1   set   HMAC_MD5+DES_56_CB       0     103
41 Ethernet0/0 10.1.1.1   set   HMAC_MD5+DES_56_CB     103       0
Do an extended ping too, making sure that the source address is what is
specified in your access list, or else the traffic won't be encrypted.
Jamie
-----Original Message-----
From: John Conzone
To: ccielab
Sent: 8/12/00 4:50 PM
Subject: encryption
I've set up a basic DES encryption between two routers, and have
checked the connection. It appears to be up.
r2#sho crypto cisco connections
Connection Table
PE          UPE         Conn_id  New_id  Algorithm    Time
12.12.12.1  11.11.11.1  1        0       DES_56_CFB8  Mar 01 1993 00:18:37
flags:TIME_KEYS ACL: 101
I am able to ping between the two routers. I've looked in the IOS but
cannot find a way to make sure that my access list is working. In other
words, I have a serial link between r1 and r2. r1 is 10.10.10.1 and r2 is
10.10.10.2. I've created a loopback on each. On r1, it's 11.11.11.1 and
on r2 it's 12.12.12.1. My access list allows 11.11.11.1 to 12.12.12.1 on
r1, and the reverse on r2.
How do I know that my pings (they work) are getting encrypted besides
logging on the access-list? The log shows the access list getting hit,
so am I to assume it's encrypted?
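
The counter comparison described in the reply above, as an added example that is not part of the original thread: it parses two captures of the `show crypto engine connection active` output and compares the counter growth with the number of pings sent. The captures are constructed samples in the layout quoted above; the function names and the `setup_allowance` default of 2 are assumptions.

```python
import re

# Constructed samples in the column layout of the output quoted above:
# counters captured before and after a 105-packet ping.
BEFORE = """\
ID Interface   IP-Address State Algorithm          Encrypt Decrypt
37 no idb      no address set   DES_56_CBC               0       0
38 Ethernet0/0 10.1.1.1   set   HMAC_SHA                 0       0
39 Ethernet0/0 10.1.1.1   set   HMAC_SHA                 0       0
40 Ethernet0/0 10.1.1.1   set   HMAC_MD5+DES_56_CB       0       0
41 Ethernet0/0 10.1.1.1   set   HMAC_MD5+DES_56_CB       0       0
"""
AFTER = """\
ID Interface   IP-Address State Algorithm          Encrypt Decrypt
37 no idb      no address set   DES_56_CBC               0       0
38 Ethernet0/0 10.1.1.1   set   HMAC_SHA                 0     103
39 Ethernet0/0 10.1.1.1   set   HMAC_SHA               103       0
40 Ethernet0/0 10.1.1.1   set   HMAC_MD5+DES_56_CB       0     103
41 Ethernet0/0 10.1.1.1   set   HMAC_MD5+DES_56_CB     103       0
"""

# ID, free-text interface/address, state, algorithm, encrypt, decrypt.
ROW = re.compile(r"^\s*(\d+)\s+(.*?)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$")

def parse_counters(text):
    """Return {conn_id: (encrypt, decrypt)}. The pattern is anchored on the
    right because "no idb" and "no address" contain spaces."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header line does not start with a number and is skipped
            rows[int(m.group(1))] = (int(m.group(5)), int(m.group(6)))
    return rows

def check_ping(before, after, sent, setup_allowance=2):
    """Compare per-connection counter growth with the number of pings sent.
    setup_allowance (assumed default 2) covers packets spent on key exchange."""
    old, new = parse_counters(before), parse_counters(after)
    # Use the largest per-connection delta, not a sum: in the quoted output
    # the same 103 packets appear on both the HMAC_SHA and HMAC_MD5+DES rows.
    enc = max((new[c][0] - old.get(c, (0, 0))[0] for c in new), default=0)
    dec = max((new[c][1] - old.get(c, (0, 0))[1] for c in new), default=0)
    if enc == 0 and dec == 0:
        verdict = "cleartext"   # pings never reached the crypto engine
    elif min(enc, dec) >= sent - setup_allowance:
        verdict = "encrypted"
    else:
        verdict = "partial"     # some pings bypassed the crypto engine
    return {"encrypt": enc, "decrypt": dec, "verdict": verdict}

if __name__ == "__main__":
    print(check_ping(BEFORE, AFTER, sent=105))
```

A "cleartext" verdict with working pings is the case the reply warns about: the ping's source address did not match the access list.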