Show crypto ipsec transform-set – Enterasys Networks X-Pedition XSR CLI User Manual

Crypto Show Commands

XSR CLI Reference Guide 14-119

show crypto ipsec transform-set

This command displays configured transform‐sets. IPSec transform‐sets created with EZ‐IPSec 
configuration are marked with an asterisk (*) in the 

show

 output. These proposals may not be used 

in other user‐defined IPSec policies. They are reserved for EZ‐IPSec

Syntax

show crypto ipsec transform-set [transform-set-name]

Mode

EXEC or Global configuration: 

XSR>

or

XSR(config)#

Sample Output

The following example was produced from manually configured transform‐sets:

XSR#show crypto ipsec transform-set
Name

PFS

ESP ESP-AH AH IPCOMP

esp-3des-md5

Disabled AES HMAC-MD5 None None

ah-sha

Disabled None None HMAC-SHA None

The following output was produced by EZ‐IPSec transform‐sets:

XSR#show crypto ipsec transform-set
Name

PFS ESP ESP-AH AH IPCOMP

*ez-esp-3des-sha-pfs Modp768 3DES HMAC-SHA None None
*ez-esp-3des-sha-no-pfs Disabled 3DES HMAC-SHA None None
*ez-esp-3des-md5-pfs Modp768 3DES HMAC-MD5 None None
*ez-esp-3des-md5-no-pfs Disabled 3DES HMAC-MD5 None None
*ez-esp-aes-sha-pfs Modp768 AES HMAC-SHA None None
*ez-esp-aes-sha-no-pfs Disabled AES HMAC-SHA None None
*ez-esp-aes-md5-pfs Modp768 AES HMAC-MD5 None None
*ez-esp-aes-md5-no-pfs

Disabled AES

HMAC-MD5 None

None

ESP

Type of SA: either ESP or AH.

SPI=40d5e065

Unique Security Parameter Index (SPI) number for the SA.

Transform

Encryption algorithm set.

Life=3589s/249932KB 

Lifetime of the SA in seconds and KBytes.

Local crypto endpt.‐10.2.1.34:4500

IP address and port number of the local crypto peer.

Remote crypto endpt.‐10.2.1.34:4500

IP address and port number of the remote crypto peer.

Encapsulation

ESP or AH Encoding Mode.

UDP‐Encaps

Indicates NAT is present between the crypto endpoints.

transform-set-name

Shows transform‐sets with the specific transform‐set‐name only.