Show crypto isakmp proposal, Show crypto isakmp sa – Enterasys Networks X-Pedition XSR CLI User Manual
Page 559
Remote Peer Show Commands
XSR CLI Reference Guide 14-105
show crypto isakmp proposal
This command lists attributes for each Internet Key Exchange (IKE) proposal. ISAKMP proposals
created with EZ‐IPSec are marked with an asterisk (*) in the
show
output. These proposals may not
be used in other user‐defined ISAKMP policies ‐ they are reserved for EZ‐IPSec.
Syntax
show crypto isakmp proposal
Mode
EXEC or Global configuration:
XSR>
or
XSR(config)#
Sample Output
XSR#show crypto isakmp proposal
Name
Authentication
Encrypt
Integrity Group
Lifetime
test
PreSharedKeys
AES
HMAC-MD5
Modp1024
The following output was produced by ISAKMP proposals created via EZ‐IPSec:
XSR#show crypto isakmp proposal
Name
Authentication Encrypt Integrity Group Lifetime
*ez-ike-3des-sha-psk PreSharedKeys 3DES HMAC-SHA Modp1024 28800
*ez-ike-3des-md5-psk PreSharedKeys 3DES HMAC-MD5 Modp1024 28800
*ez-ike-3des-sha-rsa RSASignature 3DES HMAC-SHA Modp1024 28800
*ez-ike-3des-md5-rsa RSASignature 3DES HMAC-MD5 Modp1024 28800
show crypto isakmp sa
This command lists all current Internet Key Exchange Security Associations (SAs) for your XSR.
An SA occupies a certain state depending upon where in the authentication process the peers are
and what exchange mode they share ‐ Aggressive, Main or Quick. During long exchanges, some of
the MM states may be seen. Refer to the Parameter Descriptions for further explanation.
Syntax
show crypto isakmp sa
Mode
EXEC or Global configuration:
XSR>
or
XSR(config)#
Sample Output
The following output displays two SAs, one in Main Mode exchange preparing to authenticate
and the other in Quick Mode exchange ready for traffic:
XSR#show crypto isakmp sa
Connection-ID State Source Destination Lifetime
526
MM_KEY_AUTH
192.168.2.2 192.168.2.1
9
QM_IDLE
192.168.55.10 141.154.196.87