HUB#sh crypto pki certificates ver Certificate Status: Available Version: 3 Certificate Serial Number (hex): 1F00000007C959EC697723BF61000000000007 Certificate Usage: General Purpose Issuer: cn=WANLAB-CA dc=WANLAB dc=WAN Subject: Name: HUB.wanlab.wan cn=HUB.wanlab.wan ou=CML o=WANLAB l=Virginia Beach st=VA c=US hostname=HUB.wanlab.wan CRL Distribution Points: ldap:///CN=WANLAB-CA,CN=WANLABSRV1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=WANLAB,DC=WAN?certificateRevocationList?base?objectClass=cRLDistributionPoint Validity Date: start date: 16:59:46 UTC Apr 9 2019 end date: 16:59:46 UTC Apr 8 2021 Subject Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Signature Algorithm: SHA256 with RSA Encryption Fingerprint MD5: 5C028F67 D0BF023E 844E5D37 207EB876 Fingerprint SHA1: BEAE9C22 B45F6806 F7442B54 C0D20E03 F9814551 X509v3 extensions: X509v3 Key Usage: A0000000 Digital Signature Key Encipherment X509v3 Subject Key ID: 69705A60 48796E00 3BD8B8D1 F40583B0 D5DD9529 X509v3 Authority Key ID: 3C81A776 825B2D69 40B80B31 1099D027 342035E3 Authority Info Access: Extended Key Usage: 1.3.6.1.5.5.8.2.2 Associated Trustpoints: WANLAB-CA Storage: nvram:WANLAB-CA#7.cer Key Label: FLEXRSA Key storage device: private config CA Certificate Status: Available Version: 3 Certificate Serial Number (hex): 2AB1893AB30B809140E2F69397F9A3E1 Certificate Usage: Signature Issuer: cn=WANLAB-CA dc=WANLAB dc=WAN Subject: cn=WANLAB-CA dc=WANLAB dc=WAN Validity Date: start date: 16:51:21 UTC Apr 3 2019 end date: 17:01:20 UTC Apr 3 2024 Subject Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Signature Algorithm: SHA256 with RSA Encryption Fingerprint MD5: BB1B23F9 A263E5D2 1DD77F73 14E417F0 Fingerprint SHA1: E2E8F34F 4870779A 5475D7F3 78A6C484 E9C218D6 X509v3 extensions: X509v3 Key Usage: 86000000 Digital Signature Key Cert Sign CRL Signature X509v3 Subject Key ID: 3C81A776 825B2D69 40B80B31 1099D027 342035E3 X509v3 Basic Constraints: CA: TRUE Authority Info Access: Associated Trustpoints: WANLAB-CA Storage: nvram:WANLAB-CA#A3E1CA.cer ----------------------------------------------------------------------------------- HUB#sh crypto ikev2 sa det IPv4 Crypto IKEv2 SA Tunnel-id Local Remote fvrf/ivrf Status 1 172.25.1.2/500 172.16.1.2/500 none/none IN-NEG Encr: AES-CBC, keysize: 256, PRF: SHA256, Hash: SHA256, DH Grp:14, Auth sign: Unknown - 0, Auth verify: Unknown - 0 Life/Active Time: 120/0 sec CE id: 1061, Session-id: 0 Status Description: Responder waiting for AUTH message Local spi: 28EA0D8A6E21A60C Remote spi: A0CFF4BCE4D8546E Local id: Remote id: Local req msg id: 0 Remote req msg id: 1 Local next msg id: 0 Remote next msg id: 1 Local req queued: 0 Remote req queued: 1 Local window: 1 Remote window: 1 DPD configured for 0 seconds, retry 0 Fragmentation not configured. Extended Authentication not configured. NAT-T is not detected Cisco Trust Security SGT is disabled Initiator of SA : No IPv6 Crypto IKEv2 SA HUB#sh crypto ikev2 sa det IPv4 Crypto IKEv2 SA Tunnel-id Local Remote fvrf/ivrf Status 1 172.25.1.2/500 172.16.1.2/500 none/none IN-NEG Encr: AES-CBC, keysize: 256, PRF: SHA256, Hash: SHA256, DH Grp:14, Auth sign: Unknown - 0, Auth verify: Unknown - 0 Life/Active Time: 120/0 sec CE id: 1061, Session-id: 0 Status Description: Responder waiting for AUTH message Local spi: 28EA0D8A6E21A60C Remote spi: A0CFF4BCE4D8546E Local id: Remote id: Local req msg id: 0 Remote req msg id: 1 Local next msg id: 0 Remote next msg id: 1 Local req queued: 0 Remote req queued: 1 Local window: 1 Remote window: 1 DPD configured for 0 seconds, retry 0 Fragmentation not configured. Extended Authentication not configured. NAT-T is not detected Cisco Trust Security SGT is disabled Initiator of SA : No IPv6 Crypto IKEv2 SA