The following show command output shows how to verify that DHCP for VPN-SIP is configured correctly on a Cisco IOS XE router behind an HGW.
Router_behind_HGW# show vpn-sip sip dhcp
SIP DHCP Info
SIP-DHCP interface: GigabitEthernet 0/0/0
SIP server address: ipv4:192.168.1.1
Domain name: dns:ntt-east.ne.jp
Router_behind_HGW# show vpn-sip registration-status
SIP registration of local number dhcp : registered 192.168.1.200
Local dynamic number via dhcp[3], via SIP[0398765432]
Router_behind_HGW# show vpn-sip sip registrar
Line destination expires(sec) contact transport call-id
============================================================
3 ntt-east.ne.jp 2439 192.168.1.20 UDP FFFFFFFFCCE6C415-5D8611ED-FFFFFFFF810AE9D4-FFFFFFFFD
Router_behind_HGW# show vpn-sip session detail
VPN-SIP session current status
Interface: Tunnel0
Session status: SESSION_UP (I)
Uptime : 00:00:37
Remote number : 0387654321
Local number : dhcp
Remote address:port: aaa.bbb.ccc.ddd:27129
Local address:port : 192.168.1.200:50026
Crypto conn handle: 0x4000003D
SIP Handle : 0x4000001B
SIP callID : 301
Configured/Negotiated bandwidth: 256/256 kbps
Applied service policy:
Router_behind_HGW# show crypto session
Crypto session current status
Interface: Tunnel0
Profile: IPROF
Session status: UP-ACTIVE
Peer: aaa.bbb.ccc.ddd port 27129
Session ID: 26
IKEv2 SA: local 10.255.255.1/4500 remote aaa.bbb.ccc.ddd/27129 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Router_behind_HGW# show crypto ikev2 sa
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
1 10.255.255.1/4500 aaa.bbb.ccc.ddd/27129 none/none READY
Encr: AES-CBC, keysize: 256, PRF: SHA512, Hash: SHA512, DH Grp:19, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/86 sec
CE id: 1022, Session-id: 22
Local spi: 59E8EED28441BC32
Remote spi: B5487716A19873BE
IPv6 Crypto IKEv2 SA
Router_behind_HGW# show crypto ipsec sa
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 10.255.255.1
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer aaa.bbb.ccc.ddd port 27129
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.255.255.1, remote crypto endpt.: aaa.bbb.ccc.ddd
plaintext mtu 1422, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0/0
current outbound spi: 0xE0F51D37(3774160183)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x493D896(76798102)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2044, flow_id: ESG:44, sibling_flags FFFFFFFF80004048,
crypto map: Tunnel0-head-0, initiator : True
sa timing: remaining key lifetime (k/sec): (4607999/3509)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xE0F51D37(3774160183)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2043, flow_id: ESG:43, sibling_flags FFFFFFFF80004048,
crypto map: Tunnel0-head-0, initiator : True
sa timing: remaining key lifetime (k/sec): (4607999/3509)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
outbound ah sas:
outbound pcp sas:
Router_behind_HGW# show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.200:50269 10.255.255.1:4500 aaa.bbb.ccc.ddd:23060 aaa.bbb.ccc.ddd:23060
Total number of translations: 1
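The checks an operator makes by eye on the output above can be scripted. The following Python code is an added example, not Cisco's code or part of the original page: it splits a captured session by `show` command and tests the status fields that indicate a healthy VPN-SIP tunnel. The function and check names are assumptions of this example, and the sample text is constructed from status lines shown on this page.

```python
import re

# Constructed sample: status lines copied from the show output on this page.
SAMPLE = """\
Router_behind_HGW# show vpn-sip registration-status
SIP registration of local number dhcp : registered 192.168.1.200
Router_behind_HGW# show vpn-sip session detail
Session status: SESSION_UP (I)
Router_behind_HGW# show crypto session
Session status: UP-ACTIVE
Router_behind_HGW# show crypto ikev2 sa
1 10.255.255.1/4500 aaa.bbb.ccc.ddd/27129 none/none READY
Router_behind_HGW# show crypto ipsec sa
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#send errors 0, #recv errors 0
Status: ACTIVE(ACTIVE)
Status: ACTIVE(ACTIVE)
"""

def split_sections(text):
    """Group output lines under the 'show ...' command that produced them."""
    sections, current = {}, None
    for line in text.splitlines():
        prompt = re.match(r"\S+#\s*(show\s.+)$", line.strip())
        if prompt:
            current = " ".join(prompt.group(1).split())
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return {cmd: "\n".join(lines) for cmd, lines in sections.items()}

def check_vpn_sip(text):
    """Return named health checks (True = healthy); a missing section fails."""
    s = split_sections(text)
    ipsec = s.get("show crypto ipsec sa", "")
    n = {k: int(v) for k, v in re.findall(
        r"#(pkts encaps|pkts decaps|send errors|recv errors):? (\d+)", ipsec)}
    return {
        "sip_registered": ": registered " in s.get("show vpn-sip registration-status", ""),
        "vpn_sip_session_up": "SESSION_UP" in s.get("show vpn-sip session detail", ""),
        "crypto_session_active": "UP-ACTIVE" in s.get("show crypto session", ""),
        "ikev2_sa_ready": bool(re.search(r"\bREADY\b", s.get("show crypto ikev2 sa", ""))),
        "esp_sas_active": ipsec.count("Status: ACTIVE(ACTIVE)") >= 2,  # inbound + outbound
        "traffic_both_ways": n.get("pkts encaps", 0) > 0 and n.get("pkts decaps", 0) > 0,
        "no_crypto_errors": n.get("send errors") == 0 and n.get("recv errors") == 0,
    }

def failed_checks(text):
    return [name for name, ok in check_vpn_sip(text).items() if not ok]
```

`failed_checks()` returns an empty list when every indicator matches the healthy output shown above, so it can be used as a pass/fail gate on a collected session log.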