To display the policy parameters for all interfaces or for a specific interface, or to show the status and counters of the active SA, use the show crypto command in Privileged EXEC Mode.
Parameter | Type | Description |
---|---|---|
map | | Enter to display a specific crypto map, which defines the VPN policy to be negotiated for Security Association (SA) creation. If no policy name is specified, all VPN policy parameters will be displayed. |
<policy name (string (64))> | String | Enter a specific policy name to display information only for this policy. The maximum length of the string is 64. |
sa | | Enter to display the status and counters of the active SA, optionally followed by a policy name. |
<policy name (string (64))> | String | Enter a specific policy name to display information only for this SA. The maximum length of the string is 64. |
Privileged EXEC Mode
iS5Comm # show crypto map cybsec
VPN Policy Parameters
-------------------------
Policy Name: cybsec
Policy Status: ACTIVE
Tunnel Status: Phase 1 ready - Phase 2 ready
Local end point: 51.0.0.2
Local Id: 51.0.0.2
Remote end point: 161.0.0.2
Remote Id: 161.0.0.2
Type: tunnel
Local protected network/s: 192.168.151.0/24
Remote protected network/s: 10.10.151.0/24
Authentication by: secret
PSK: presharedkey
IKE version: ikev2
IKE Phase1 encryption: aes256
IKE Phase1 hash: sha512
IKE Phase1 DH Group: modp1536
IKE Phase1 lifetime: 1500 s
IPSec protocol: ESP
IKE Phase2 encryption: aes256
IKE Phase2 lifetime: 3600 s
IKE Phase2 hash: sha
IKE Phase2 DH Group: modp2048
DPD delay timer : 60
iS5Comm# show crypto sa m1
m1: #1, ESTABLISHED, IKEv2
local '51.0.0.2' @ 51.0.0.2[500]
remote '51.0.0.3' @ 51.0.0.3[500]
AES_CBC-256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1536
established 3s ago, reauth in 2482s
m1: #1, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA1_96
installed 3s ago, rekeying in 6326s, expires in 7197s
in c7462e06, 0 bytes, 0 packets
out c600ee1a, 0 bytes, 0 packets
local 192.168.9.0/24 192.168.51.0/24
remote 10.10.9.0/24 10.10.51.0/24
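
The `show crypto map` output above prints the pre-shared key in clear text along with the negotiated algorithms, so it is worth checking and redacting before it is stored or shared. The following is an added example, not iS5Comm code: the function names, the 2048-bit MODP threshold, and the reading of `sha` as SHA-1 are assumptions.

```python
import re

# Abridged copy of the `show crypto map cybsec` output shown on this page.
SAMPLE = """\
PSK: presharedkey
IKE Phase1 hash: sha512
IKE Phase1 DH Group: modp1536
IKE Phase2 hash: sha
IKE Phase2 DH Group: modp2048
DPD delay timer : 60
"""

# Assumed audit policy, not vendor guidance; "sha" is assumed to mean SHA-1.
WEAK_HASHES = {"md5", "sha", "sha1"}
MIN_DH_BITS = 2048


def parse_policy(text):
    """Map each 'Field: value' line to a dict entry; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def audit(fields):
    """Return findings for weak hash, small MODP group, and an exposed PSK."""
    findings = []
    for phase in ("Phase1", "Phase2"):
        digest = fields.get(f"IKE {phase} hash", "").lower()
        if digest in WEAK_HASHES:
            findings.append(f"{phase}: hash '{digest}' is MD5/SHA-1 class")
        group = re.fullmatch(r"modp(\d+)", fields.get(f"IKE {phase} DH Group", "").lower())
        if group and int(group.group(1)) < MIN_DH_BITS:
            findings.append(f"{phase}: DH {group.group(0)} is below {MIN_DH_BITS} bits")
    if "PSK" in fields:
        findings.append("PSK value is present in clear text in the output")
    return findings


def redact(text):
    """Mask the PSK line so the output can be attached to a ticket or log."""
    return re.sub(r"^(PSK:[ \t]*).*$", r"\1<redacted>", text, flags=re.M)


if __name__ == "__main__":
    print("\n".join(audit(parse_policy(SAMPLE))))
```

Run `redact()` on captured CLI sessions before they reach a ticketing system or log archive, and rotate any key that has already been stored unredacted.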