Configuring IPSec Network Security
Step 6
switch(config)# crypto global domain ipsec security-association lifetime megabytes 5000
Configures the global traffic-volume lifetime in megabytes. The global lifetime ranges from 3 to 4193280
megabytes.
Step 7
switch(config)# no crypto global domain ipsec security-association lifetime megabytes
Reverts to the factory default of 450 GB regardless of what value is currently configured.
Displaying IKE Configurations
You can verify the IKE information by using the show set of commands. See the following examples.
Displays the Parameters Configured for Each IKE Policy
switch# show crypto ike domain ipsec
keepalive 60000
Displays the Initiator Configuration
switch# show crypto ike domain ipsec initiator
initiator version 1 address 1.1.1.1
initiator version 1 address 1.1.1.2
Displays the Key Configuration
switch# show crypto ike domain ipsec key
key abcdefgh address 1.1.1.1
key bcdefghi address 1.1.2.1
Displays the Currently Established Policies for IKE
switch# show crypto ike domain ipsec policy 1
Priority 1, auth pre-shared, lifetime 6000 secs, encryption 3des, hash md5, DH group 5
Priority 3, auth pre-shared, lifetime 86300 secs, encryption aes, hash sha1, DH group 1
Priority 5, auth pre-shared-key, lifetime 86400 secs, encryption 3des, hash sha256, DH group
1
Displays the Currently Established SAs for IKE
switch# show crypto ike domain ipsec sa
Tunn
----------------------------------------------------------------------------------------
1*
2
-----------------------------------------------------------------------------------------
NOTE: tunnel id ended with * indicates an IKEv1 tunnel
Local Addr
Remote Addr
172.22.31.165[500]
172.22.31.166[500] 3des
172.22.91.174[500]
172.22.91.173[500] 3des
Encr
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Displaying IKE Configurations
Hash
Auth Method
sha1
preshared key
sha1
preshared key
Lifetime
86400
86400
199