From: Barry J. Bocaner (barry@xxxxxxxxxxx)
Date: Mon Jan 22 2001 - 11:08:59 GMT-3
On Sun, 21 Jan 2001, Stanford Wong - CNS wrote:
> I have a question regarding IPSEC.
>
> Besides using a packet sniffer, how could you tell that your packets are
> indeed being encrypted? I have looked at the Cisco CD under this link -
barry-dsl#show crypto ipsec sa
interface: Ethernet0
Crypto map tag: VPN, local addr. x.x.x.x
local ident
(addr/mask/prot/port): (y.y.y.y/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (z.z.z.z/255.255.255.240/0/0)
current_peer: w.w.w.w
PERMIT, flags={origin_is_acl,}
#pkts encaps: 304, #pkts encrypt: 304, #pkts digest 304
#pkts decaps: 550, #pkts decrypt: 550, #pkts verify 550
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress
failed: 0
#send errors 1, #recv errors 0
See how the pkts encrypt counter and pkts decrypt counter are growing?
That means you are encrypting and decrypting.
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Barry J. Bocaner
Sr. Network Engineer TruEdge Technologies
<barry@truedge.com> 703-573-9884 x 103
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:39 GMT-3