Hi Mahmoud,
On the endpoints, you could just run: show crypto ipsec sa | i peer|pkts
On transit devices, I guess you could just do:
ip access-list ext MONITOR_ESP/AH
permit esp any any log
permit ah any any log
permit ip any any
Ofcourse, this is subject to "ip access-list log-update" configuration.
Note: there could be imposed loading on the CPU of the device due to console
logging, so proceed with caution there.
Sadiq
On Wed, May 12, 2010 at 5:06 PM, Mahmoud Eldeeb <eng.futurama_at_gmail.com>wrote:
> Dear All
>
> How shall I monitor the encryption which is configured of around 15
> routers
> (dmvpn)
>
> --
> Best Regards,
> Mahmoud Eldeeb
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- CCIE #19963 Blogs and organic groups at http://www.ccie.netReceived on Wed May 12 2010 - 17:22:07 ART
This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:52 ART