From: Mike Schlenger (mschlenger@xxxxxxxxxxxxxxxx)
Date: Mon Jan 22 2001 - 11:57:36 GMT-3
Here is a good crypto debug command for reference:
r4#sh crypto engine conn act
  ID Interface       IP-Address      State  Algorithm           Encrypt  Decrypt
  10 <none>          <none>          set    DES_56_CBC                0        0
  11 <none>          <none>          set    DES_56_CBC                0        0
  12 Serial0         150.0.0.1       set    HMAC_MD5+DES_56_CB        0        6
  13 Serial0         150.0.0.1       set    HMAC_MD5+DES_56_CB        7        0
Crypto adjacency count : Lock: 0, Unlock: 0
It is nice because it shows which transform-set it used and the
interface/IP. I liked this for quick verification on a sec connection.
-----Original Message-----
From: Barry J. Bocaner [mailto:barry@truedge.com]
Sent: Monday, January 22, 2001 8:09 AM
To: Ccielab
Subject: Re: Question about IPSEC and Tunnels
On Sun, 21 Jan 2001, Stanford Wong - CNS wrote:
> I have a question regarding IPSEC.
>
> Besides using a packet sniffer, how could you tell that your packets are
> indeed being encrypted? I have looked at the Cisco CD under this link -

barry-dsl#show crypto ipsec sa
interface: Ethernet0
    Crypto map tag: VPN, local addr. x.x.x.x
   local  ident (addr/mask/prot/port): (y.y.y.y/255.255.255.224/0/0)
   remote ident (addr/mask/prot/port): (z.z.z.z/255.255.255.240/0/0)
   current_peer: w.w.w.w
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 304, #pkts encrypt: 304, #pkts digest 304
    #pkts decaps: 550, #pkts decrypt: 550, #pkts verify 550
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 1, #recv errors 0

See how the pkts encrypt counter and pkts decrypt counter are growing?
That means you are encrypting and decrypting.
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Barry J. Bocaner
Sr. Network Engineer TruEdge Technologies
<barry@truedge.com> 703-573-9884 x 103
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
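
Added example, not part of the original thread: the counter check described above ("pkts encrypt" and "pkts decrypt" growing), done by comparing two captures of `show crypto ipsec sa` for the same SA. The function names are this example's own, and the earlier capture is constructed; the later one uses the counter lines quoted in the reply.

```python
import re

# "#pkts encrypt: 304", "#pkts digest 304", "#send errors 1": the colon is
# optional, and \s lets a counter name that wrapped onto the next line match.
COUNTER = re.compile(r"#([a-z][a-z.\s]*?):?\s+(\d+)")

def parse_sa_counters(text):
    """Return {counter name: value} for one SA block of 'show crypto ipsec sa'."""
    return {" ".join(name.split()): int(value)
            for name, value in COUNTER.findall(text)}

def compare_snapshots(before, after):
    """Compare two captures of the same SA, taken while test traffic flows."""
    old, new = parse_sa_counters(before), parse_sa_counters(after)
    delta = {name: new[name] - old.get(name, 0) for name in new}
    return {
        "encrypting": delta.get("pkts encrypt", 0) > 0,
        "decrypting": delta.get("pkts decrypt", 0) > 0,
        "new_errors": {n: d for n, d in delta.items() if "errors" in n and d > 0},
        # A counter that went backwards means the captures are not comparable.
        "counters_reset": any(d < 0 for d in delta.values()),
    }

# Constructed earlier capture (values invented for the example).
BEFORE = """\
#pkts encaps: 290, #pkts encrypt: 290, #pkts digest 290
#pkts decaps: 520, #pkts decrypt: 520, #pkts verify 520
#send errors 1, #recv errors 0
"""
# Later capture: the counter lines from the output quoted above, with the
# wrapped "decompress failed" line left as it appeared in the archive.
AFTER = """\
#pkts encaps: 304, #pkts encrypt: 304, #pkts digest 304
#pkts decaps: 550, #pkts decrypt: 550, #pkts verify 550
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress
failed: 0
#send errors 1, #recv errors 0
"""

if __name__ == "__main__":
    print(compare_snapshots(BEFORE, AFTER))
```

The pre-existing "send errors 1" is not reported as new because only counters that increased between the two captures are listed.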
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:39 GMT-3