Command of the Day

COTD: show crypto ipsec sa - reloaded

The "show crypto ipsec sa" command has changed as of ArubaOS Before it would show details about every IPSEC connection correctly negotiated. As more endpoints depended on IPSEC connectivity, like access points with CPSEC (Control Plane Security) on, as well as VIA client connectivity, this list became more and more difficult to display without a lot of space-bar pressing. Starting with ArubaOS, "show crypto ipsec sa" now has a list view:

( #show crypto ipsec sa

IPSEC SA Active Session Information
Initiator IP Responder IP InitiatorID ResponderID Flags Start Time Inner IP
------------ ------------ ----------- ----------- ---------- ---------- --------
UT Jun 25 13:28:48
UT Jun 25 11:43:12
UT Jun 25 13:23:50
UT Jun 25 12:20:18
UT Jun 25 13:02:12
UT Jun 25 13:09:28
UT Jun 25 12:27:40
UT Jun 25 13:18:05
UT Jun 25 13:16:30
UT Jun 25 12:59:11
UT Jun 25 13:28:11
UT Jun 25 12:00:24
UT Jun 25 13:14:21
UT Jun 25 13:23:14
UT Jun 25 11:55:22
UT Jun 25 11:52:05
UT Jun 25 12:52:56
UT Jun 25 11:54:40
UT Jun 25 13:28:41
UT Jun 25 12:24:45

Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
L = L2TP Tunnel; N = Nortel Client; C = Client

Total IPSEC SAs: 20

To see details about an IPSEC connection, you can still use the "peer" option:

( #show crypto ipsec sa peer

Initiator IP:
Responder IP:
Initiator: No
Initiator cookie:018006409496dde5 Responder cookie:659f346abddccaf7
SA Creation Date: Fri Jun 25 13:21:23 2010
Life secs: 7200
Initiator Phase2 ID:
Responder Phase2 ID:
Phase2 Transform: EncAlg:esp-3des HMAC:esp-sha-hmac
Encapsulation Mode:UDP-encapsulated Tunnel
OUT SPI 1b0aa012, IN SPI 1b5c5300
Inner IP, internal type C
Aruba VIA
Reference count: 3

The SA above is a VIA client, as you can tell.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
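
For auditing SAs from a saved capture of this output, the following is an added example, not part of the original post and not Aruba code. It decodes the Flags column with the legend shown above and pulls the transform, SPIs and expiry time out of a peer detail block; the function names and the idea of parsing pasted text are assumptions.

```python
import re
from datetime import datetime, timedelta

# Flag legend exactly as printed under the list view in the post.
FLAG_LEGEND = {
    "T": "Tunnel Mode", "E": "Transport Mode", "U": "UDP Encap",
    "L": "L2TP Tunnel", "N": "Nortel Client", "C": "Client",
}

# Peer detail lines copied from the post (address fields were blank there).
SAMPLE_PEER_OUTPUT = """\
Initiator: No
Initiator cookie:018006409496dde5 Responder cookie:659f346abddccaf7
SA Creation Date: Fri Jun 25 13:21:23 2010
Life secs: 7200
Phase2 Transform: EncAlg:esp-3des HMAC:esp-sha-hmac
Encapsulation Mode:UDP-encapsulated Tunnel
OUT SPI 1b0aa012, IN SPI 1b5c5300
Inner IP, internal type C
Reference count: 3
"""

def decode_flags(flags):
    """Expand a Flags column value such as 'UT' using the legend."""
    return [FLAG_LEGEND.get(ch, "unknown flag " + repr(ch)) for ch in flags.strip()]

def parse_peer_detail(text):
    """Extract transform, SPIs, encapsulation and lifetime from one peer block."""
    patterns = {
        "enc_alg": r"EncAlg:(\S+)",
        "hmac": r"HMAC:(\S+)",
        "encapsulation": r"Encapsulation Mode:\s*(.+)",
        "out_spi": r"OUT SPI ([0-9a-fA-F]+)",
        "in_spi": r"IN SPI ([0-9a-fA-F]+)",
        "created": r"SA Creation Date:\s*(.+)",
        "life_secs": r"Life secs:\s*(\d+)",
        "internal_type": r"internal type (\w)",
    }
    sa = {}
    for key, pat in patterns.items():
        m = re.search(pat, text)
        sa[key] = m.group(1).strip() if m else None  # None when a field is absent
    if sa["created"] and sa["life_secs"]:
        # Expiry = creation time plus the negotiated lifetime in seconds.
        created = datetime.strptime(sa["created"], "%a %b %d %H:%M:%S %Y")
        sa["expires"] = created + timedelta(seconds=int(sa["life_secs"]))
    else:
        sa["expires"] = None
    return sa
```

Calling `parse_peer_detail(SAMPLE_PEER_OUTPUT)` returns a dict per SA, which makes it easy to list every peer's negotiated transform and remaining lifetime in one pass.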