Command of the Day


COTD: show crypto ipsec sa

It is well known that the Aruba controller can support wireless access points. It is less well known that it can also terminate client VPN sessions (Cisco, L2TP and PPTP), Remote APs and site-to-site VPN connections (at this time, these connections require a VPN license or the Remote AP license). If you have provisioned a device to terminate on the Aruba controller, you will want to know whether the tunnel came up successfully. "show crypto ipsec sa" will show you all of these "Security Associations" on your controller:

( # show crypto ipsec sa

Initiator IP:
Responder IP:
Initiator: No
Initiator cookie:7c017c0989cfbf2c Responder cookie:3ce42b765cca4986
SA Creation Date: Sat Jan 9 17:26:32 2010
Life secs: 7200
Initiator Phase2 ID:
Responder Phase2 ID:
Phase2 Transform: EncAlg:esp-3des HMAC:esp-sha-hmac
Encapsulation Mode:UDP-encapsulated Tunnel
OUT SPI 369b9092, IN SPI b2f69f00
Inner IP, internal type C
Aruba AP
Reference count: 3

In this example, the "Initiator IP" is the public IP address of the device that initiated the VPN connection. The "Responder IP" is the address of the device that responded to it. The "Initiator" parameter says whether the device we ran the command on initiated the connection; in this case, no. The "SA Creation Date" says when the security association (the VPN tunnel) was created. The "Inner IP" is the IP address assigned to the foreign device from the VPN pool. In this case the "Aruba AP" parameter means that the incoming device is an Aruba access point operating as a Remote AP. Other types of VPN connections will have a different

By default the command shows ALL security associations. You can also narrow it down to a single public IP address. For example, if a user has a Remote AP and you want to know whether it is up, you could run "show crypto ipsec sa peer " to narrow the output down to only that device.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
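Added example (not part of the original post, and not Aruba code): a small parser that turns saved "show crypto ipsec sa" output into one record per SA, so tunnels can be checked in bulk for Remote AP status, expiry time and Phase 2 transform. It assumes each SA block starts with "Initiator IP:" and that "Initiator:" reads "Yes" when the controller started the tunnel; the sample addresses are constructed placeholders, and the legacy-cipher flag is an extra check of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout shown in the post; the addresses are
# documentation-range placeholders, not values from the original output.
SAMPLE = """\
Initiator IP: 192.0.2.10
Responder IP: 198.51.100.1
Initiator: No
Initiator cookie:7c017c0989cfbf2c Responder cookie:3ce42b765cca4986
SA Creation Date: Sat Jan 9 17:26:32 2010
Life secs: 7200
Phase2 Transform: EncAlg:esp-3des HMAC:esp-sha-hmac
Encapsulation Mode:UDP-encapsulated Tunnel
OUT SPI 369b9092, IN SPI b2f69f00
Inner IP 10.1.1.5, internal type C
Aruba AP
Reference count: 3
"""

def parse_ipsec_sas(text):
    """Return one dict per SA (assumes each SA block starts at 'Initiator IP:')."""
    sas = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Initiator IP:"):
            sas.append({"remote_ap": False})
        if not sas or not line:
            continue
        sa = sas[-1]
        if line == "Aruba AP":
            sa["remote_ap"] = True  # peer is an access point running as a Remote AP
        elif m := re.match(r"OUT SPI (\w+), IN SPI (\w+)", line):
            sa["out_spi"], sa["in_spi"] = m.groups()
        elif m := re.match(r"Phase2 Transform: EncAlg:(\S+) HMAC:(\S+)", line):
            sa["enc"], sa["hmac"] = m.groups()
        elif m := re.match(r"Inner IP (\S+),", line):
            sa["inner_ip"] = m.group(1)
        elif m := re.match(r"(Initiator IP|Responder IP|Initiator|SA Creation Date|Life secs):\s*(.*)", line):
            sa[m.group(1)] = m.group(2)
    for sa in sas:
        created = datetime.strptime(sa["SA Creation Date"], "%a %b %d %H:%M:%S %Y")
        sa["expires"] = created + timedelta(seconds=int(sa["Life secs"]))
        sa["we_initiated"] = sa["Initiator"] == "Yes"  # "Yes" is assumed; the post only shows "No"
        sa["legacy_cipher"] = sa["enc"] in ("esp-des", "esp-3des")  # added check, not from the post
    return sas
```

Paste captured output in place of SAMPLE and call parse_ipsec_sas() on it; each returned record carries the peer addresses, SPIs, transform, Remote AP flag and computed expiry time.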