3 verify vpn tunnel establishment – Asus SL1000 User Manual
Page 10
Copyright 2006, ASUSTek Computer, Inc.
Page
7
3.3 Verify VPN Tunnel Establishment
pix-firewall# show crypto isakmp sa
Total : 1
Embryonic : 0
dst src state pending created
10.64.2.130 10.64.2.145 QM_IDLE 0 1
pix-firewall# show crypto ipsec sa
interface: outside
Crypto map tag: toSL1000, local addr. 10.64.2.130
local ident (addr/mask/prot/port): (192.168.30.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.64.3.0/255.255.255.0/0/0)
current_peer: 10.64.2.145:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 12, #pkts encrypt: 12, #pkts digest 12
#pkts decaps: 12, #pkts decrypt: 12, #pkts verify 12
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.64.2.130, remote crypto endpt.: 10.64.2.145
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 5f4579cf
inbound esp sas:
spi: 0x991686ee(2568390382)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 1, crypto map: toSL1000
sa timing: remaining key lifetime (k/sec): (74998/3472)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x5f4579cf(1598388687)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2, crypto map: toSL1000