Cisco Systems C7200 Network Cables User Manual


 
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
OL-9129-02
Chapter 4 Configuring the VSA
Configuration Tasks
To view information about your IPSec configuration, use one or more of the following commands in
EXEC mode:
Verifying IKE and IPSec Configurations
To view information about your IPSec configurations, use the show crypto ipsec transform-set EXEC
command.
Note: If a user enters an IPSec transform that the hardware (the IPSec peer) does not support, a warning
message will be displayed in the show crypto ipsec transform-set command output.
The following sample output from the show crypto ipsec transform-set command displays a warning
message after a user tries to configure an IPSec transform that the hardware does not support:

    Router# show crypto ipsec transform-set
    Transform set transform-1:{esp-256-aes esp-md5-hmac}
       will negotiate = {Tunnel, },
    WARNING:encryption hardware does not support transform
    esp-aes 256 within IPSec transform transform-1

To view information about your IKE configurations, use the show crypto isakmp policy EXEC command.
Note: If a user enters an IKE encryption method that the hardware does not support, a warning message will
be displayed in the show crypto isakmp policy output.
The following sample output from the show crypto isakmp policy command displays a warning
message after a user tries to configure an IKE encryption method that the hardware does not support:

    Router# show crypto isakmp policy
    Protection suite of priority 1
       encryption algorithm: AES - Advanced Encryption Standard (256 bit keys).
    WARNING:encryption hardware does not support the configured
    encryption method for ISAKMP policy 1
       hash algorithm: Secure Hash Standard
       authentication method: Pre-Shared Key
       Diffie-Hellman group: #1 (768 bit)
       lifetime: 3600 seconds, no volume limit

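An added example, not part of the Cisco guide: a Python script that scans saved output of the two show commands above for the hardware-support warning and reports which transform set or ISAKMP policy each warning names. The function names and the practice of saving the session as text are assumptions; the sample input is the output shown on this page.

```python
import re

# Input: the two sample outputs from this page, joined as one saved session.
SAMPLE = """\
Router# show crypto ipsec transform-set
Transform set transform-1:{esp-256-aes esp-md5-hmac}
will negotiate = {Tunnel, },
WARNING:encryption hardware does not support transform
esp-aes 256 within IPSec transform transform-1
Router# show crypto isakmp policy
Protection suite of priority 1
encryption algorithm: AES - Advanced Encryption Standard (256 bit keys).
WARNING:encryption hardware does not support the configured
encryption method for ISAKMP policy 1
hash algorithm: Secure Hash Standard
"""

PATTERNS = [
    ("transform-set", re.compile(r"within IPSec transform (\S+)")),
    ("isakmp-policy", re.compile(r"for ISAKMP policy (\d+)")),
]

def classify(msg):
    """Return (kind, name) if msg names a transform set or IKE policy."""
    for kind, rx in PATTERNS:
        m = rx.search(msg)
        if m:
            return kind, m.group(1)
    return None

def find_hw_warnings(text):
    """Return [(kind, name, message)] for each hardware-support warning."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings = []
    for i, line in enumerate(lines):
        if not line.startswith("WARNING:"):
            continue
        msg = line[len("WARNING:"):].strip()
        hit = classify(msg)
        # The warning wraps; join the next line only if it names the object.
        if hit is None and i + 1 < len(lines):
            joined = f"{msg} {lines[i + 1]}"
            hit = classify(joined)
            msg = joined if hit else msg
        kind, name = hit or ("unknown", "")
        findings.append((kind, name, msg))
    return findings

if __name__ == "__main__":
    for kind, name, msg in find_hw_warnings(SAMPLE):
        print(f"{kind} {name}: {msg}")
```

An empty result means no configured transform or IKE encryption method was flagged as unsupported by the encryption hardware in the saved output.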
Command                                                                    Purpose
Router# show crypto ipsec transform-set                                    Displays your transform set configuration.
Router# show crypto map [interface interface | tag map-name]               Displays your crypto map configuration.
Router# show crypto ipsec sa [map map-name | address | identity] [detail]  Displays information about IPSec security associations.
Router# show crypto dynamic-map [tag map-name]                             Displays information about dynamic crypto maps.
Router# show crypto ipsec security-association lifetime                    Displays global security association lifetime values.