Displaying IKE Configurations
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Displaying IKE Configurations
You can verify the IKE information by using the show set of commands. See Examples
Example 37-1 Displays the Parameters Configured for Each IKE Policy
switch# show crypto ike domain ipsec
keepalive 60000
Example 37-2 Displays the Initiator Configuration
switch# show crypto ike domain ipsec initiator
initiator version 1 address 1.1.1.1
initiator version 1 address 1.1.1.2
Example 37-3 Displays the Key Configuration
switch# show crypto ike domain ipsec key
key abcdefgh address 1.1.1.1
key bcdefghi address 1.1.2.1
Example 37-4 Displays the Currently Established Policies for IKE
switch# show crypto ike domain ipsec policy 1
Priority 1, auth pre-shared, lifetime 6000 secs, encryption 3des, hash md5, DH group 5
Priority 3, auth pre-shared, lifetime 86300 secs, encryption aes, hash sha1, DH group 1
Example 37-5 Displays the Currently Established SAs for IKE
switch# show crypto ike domain ipsec sa
Tunn
----------------------------------------------------------------------------------------
1*
2
-----------------------------------------------------------------------------------------
NOTE: tunnel id ended with * indicates an IKEv1 tunnel
Displaying IPsec Configurations
You can verify the IPsec information by using the show set of commands. See Examples
Example 37-6 Displays Information for the Specified ACL
switch# show ip access-list acl10
ip access-list acl10 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 (0 matches)
In
Example
this criteria.
Example 37-7 Displays the Transform Set Configuration
switch# show crypto transform-set domain ipsec
Transform set: 3des-md5 {esp-3des esp-md5-hmac}
Cisco MDS 9000 Family CLI Configuration Guide
37-30
Local Addr
172.22.31.165[500]
172.22.91.174[500]
37-6, the display output match is only displayed of an interface (not the crypto map) meets
will negotiate {tunnel}
Remote Addr
Encr
172.22.31.166[500] 3des
172.22.91.173[500] 3des
Chapter 37
Configuring IPsec Network Security
Hash
Auth Method
sha1
preshared key
sha1
preshared key
OL-18084-01, Cisco MDS NX-OS Release 4.x
37-1
to 37-5.
Lifetime
86400
86400
37-6
to 37-19.