このコマンドは、指定されたピアの IPsec SA ID を取得し、IOS レイヤから QFP レイヤまでのすべてのレイヤの SA を表示します。
Device# polaris-csr#show crypto ipsec sa peer 33.0.0.4 platform
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 33.0.0.3
protected vrf: (none)
local ident (addr/mask/prot/port): (33.0.0.3/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (33.0.0.4/255.255.255.255/47/0)
current_peer 33.0.0.4 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 190, #pkts encrypt: 190, #pkts digest: 190
#pkts decaps: 190, #pkts decrypt: 190, #pkts verify: 190
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 33.0.0.3, remote crypto endpt.: 33.0.0.4
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet2
current outbound spi: 0xA4A5244(172642884)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0xBCD8840(198019136)
transform: esp-aes esp-sha256-hmac ,
in use settings ={Tunnel, }
conn id: 2169, flow_id: CSR:169, sibling_flags FFFFFFFF80004048, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (4607985/3255)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xA4A5244(172642884)
transform: esp-aes esp-sha256-hmac ,
in use settings ={Tunnel, }
conn id: 2170, flow_id: CSR:170, sibling_flags FFFFFFFF80004048, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (4607989/3255)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
outbound ah sas:
outbound pcp sas: