"Depending on how you have set things up" , you can do a SPAN to a
destination port that has a management station running wireshark , you
should see ESP in the protocol field between the routers.
Once again it depends on how things are set up.
On 5/12/10, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
> Hi Mahmoud,
>
> On the endpoints, you could just run: show crypto ipsec sa | i peer|pkts
>
> On transit devices, I guess you could just do:
> ip access-list ext MONITOR_ESP/AH
> permit esp any any log
> permit ah any any log
> permit ip any any
>
> Ofcourse, this is subject to "ip access-list log-update" configuration.
>
> Note: there could be imposed loading on the CPU of the device due to console
> logging, so proceed with caution there.
>
> Sadiq
>
> On Wed, May 12, 2010 at 5:06 PM, Mahmoud Eldeeb
> <eng.futurama_at_gmail.com>wrote:
>
>> Dear All
>>
>> How shall I monitor the encryption which is configured of around 15
>> routers
>> (dmvpn)
>>
>> --
>> Best Regards,
>> Mahmoud Eldeeb
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> CCIE #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Warm Regards, Eseosa CCIE #23782 Before God we are all equally wise - and equally foolish. Albert Einstein Blogs and organic groups at http://www.ccie.netReceived on Wed May 12 2010 - 17:27:42 ART
This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:52 ART