DataCentre#term len 0 DataCentre#show run Building configuration... Current configuration : 2773 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname DataCentre ! boot-start-marker boot-end-marker ! enable password cisco ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip flow-cache timeout active 1 ! ! ip cef no ip domain lookup ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! username cisco password 0 cisco ! ! ip tcp synwait-time 5 ! class-map match-any VOIP match dscp ef class-map match-any SITE_R223 match any class-map match-any VOIP_DSCP_SET match access-group name VOIP_ACL ! ! policy-map QUEUEING class VOIP priority percent 100 class class-default policy-map SET_DSCP class VOIP_DSCP_SET set dscp ef policy-map SHAPING class SITE_R223 shape average 10000000 100000 0 service-policy QUEUEING class class-default ! ! ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key firewall.cx address 0.0.0.0 0.0.0.0 ! ! crypto ipsec transform-set TS esp-3des esp-md5-hmac ! crypto ipsec profile protect-gre set security-association lifetime seconds 86400 set transform-set TS ! ! ! ! ! interface Tunnel0 ip address 172.16.0.2 255.255.255.0 no ip redirects ip nhrp authentication firewall ip nhrp map multicast dynamic ip nhrp map 172.16.0.1 150.50.5.2 ip nhrp map multicast 150.50.5.2 ip nhrp network-id 1 ip nhrp nhs 172.16.0.1 tunnel source 160.60.6.2 tunnel mode gre multipoint tunnel protection ipsec profile protect-gre ! interface FastEthernet0/0 description WAN-Network ip address 160.60.6.2 255.255.255.0 ip flow ingress ip flow egress ip nbar protocol-discovery speed 10 full-duplex service-policy output SHAPING ! interface FastEthernet0/1 description LAN-Network ip address 192.168.2.1 255.255.255.0 ip flow ingress ip flow egress ip nbar protocol-discovery duplex auto speed 100 service-policy input SET_DSCP ! interface Ethernet1/0 no ip address shutdown half-duplex ! interface Ethernet1/1 no ip address shutdown half-duplex ! interface Ethernet1/2 no ip address shutdown half-duplex ! interface Ethernet1/3 no ip address shutdown half-duplex ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! no ip http server no ip http secure-server ip flow-export source FastEthernet0/1 ip flow-export version 9 ip flow-export destination 10.1.1.2 2055 ! ! ! ! ip access-list extended VOIP_ACL permit tcp any eq 1720 any snmp-server community mynet RW snmp-server ifindex persist snmp-server chassis-id 4 ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 password cisco login local ! ! end DataCentre#show cryp DataCentre#show crypto ipse DataCentre#show crypto ipsec ? client Show Client Status policy Show IPSEC client policies profile Show ipsec profile information sa IPSEC SA table security-association Show parameters for IPSec security associations transform-set Crypto transform sets DataCentre#show crypto ipsec sa DataCentre#show crypto ipsec sa ? address IPSEC SA table in (dest) address order detail show counter detail identity IPSEC SADB identity tree interface Show info for specific interface ipv6 Show IPv6 crypto IPsec SA info map IPSEC SA table for a specific crypto map peer Show peer sas vrf VRF Routing/Forwarding instance | Output modifiers DataCentre#show crypto ipsec sa deta DataCentre#show crypto ipsec sa detail interface: Tunnel0 Crypto map tag: Tunnel0-head-0, local addr 160.60.6.2 protected vrf: (none) local ident (addr/mask/prot/port): (160.60.6.2/255.255.255.255/47/0) remote ident (addr/mask/prot/port): (150.50.5.2/255.255.255.255/47/0) current_peer 150.50.5.2 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 289, #pkts encrypt: 289, #pkts digest: 289 #pkts decaps: 290, #pkts decrypt: 290, #pkts verify: 290 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #pkts no sa (send) 0, #pkts invalid sa (rcv) 0 #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0 #pkts invalid prot (recv) 0, #pkts verify failed: 0 #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0 ##pkts replay failed (rcv): 0 #pkts internal err (send): 0, #pkts internal err (recv) 0 local crypto endpt.: 160.60.6.2, remote crypto endpt.: 150.50.5.2 path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0 current outbound spi: 0xAEA73A38(2930195000) inbound esp sas: spi: 0x94669A32(2489752114) transform: esp-3des esp-md5-hmac , in use settings ={Tunnel, } conn id: 2002, flow_id: SW:2, crypto map: Tunnel0-head-0 sa timing: remaining key lifetime (k/sec): (4578323/83701) IV size: 8 bytes replay detection support: Y Status: ACTIVE inbound ah sas: inbound pcp sas: outbound esp sas: spi: 0xAEA73A38(2930195000) transform: esp-3des esp-md5-hmac , in use settings ={Tunnel, } conn id: 2001, flow_id: SW:1, crypto map: Tunnel0-head-0 sa timing: remaining key lifetime (k/sec): (4578323/83701) IV size: 8 bytes replay detection support: Y Status: ACTIVE outbound ah sas: outbound pcp sas: DataCentre#show cry DataCentre#show crypto s DataCentre#show crypto sa DataCentre#show crypto is DataCentre#show crypto isakmp sa DataCentre#show crypto isakmp sa de DataCentre#show crypto isakmp sa detail Codes: C - IKE configuration mode, D - Dead Peer Detection K - Keepalives, N - NAT-traversal X - IKE Extended Authentication psk - Preshared key, rsig - RSA signature renc - RSA encryption C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap. 1 160.60.6.2 150.50.5.2 ACTIVE 3des md5 psk 2 23:14:47 Connection-id:Engine-id = 1:1(software)