04-28-2020 05:49 AM
Hello,
What command would I run on an ASA to show the encryption domain(s)?
Regards
Troy
04-28-2020 05:58 AM
Hi,
The ASA uses access-lists to define the interesting traffic to be encrypted and transmitted over a VPN tunnel. Find the crypto map entry, then note the ACL being used to "match address"; this references the ACL, e.g.:
crypto map MAP 10 match address SITE1_VPN
access-list SITE1_VPN extended permit ip 10.20.0.0 255.255.252.0 10.10.0.0 255.255.252.0
HTH
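The lookup described in the reply above, as an added example that is not part of the original post or any Cisco tooling: a Python sketch that reads saved `show running-config` text, follows each crypto map "match address" to its ACL, and lists the local and remote networks in CIDR form. The sample config is constructed (only the first ACL line comes from the thread; peers use documentation addresses), and only `extended permit ip` entries are handled.

```python
import ipaddress
import re

# Constructed sample of "show running-config" text, not from a real device.
SAMPLE_CONFIG = """\
access-list SITE1_VPN extended permit ip 10.20.0.0 255.255.252.0 10.10.0.0 255.255.252.0
access-list SITE1_VPN extended permit ip host 10.20.8.5 10.10.0.0 255.255.252.0
access-list SITE2_VPN extended permit ip 10.20.0.0 255.255.252.0 any
crypto map MAP 10 match address SITE1_VPN
crypto map MAP 10 set peer 192.0.2.10
crypto map MAP 20 match address SITE2_VPN
crypto map MAP 20 set peer 192.0.2.20
"""

def _take_addr(tokens):
    """Consume one ASA address spec from tokens and return it as text."""
    first = tokens.pop(0)
    if first in ("any", "any4", "any6"):
        return first
    if first == "host":
        return tokens.pop(0) + "/32"
    if first in ("object", "object-group"):
        return first + ":" + tokens.pop(0)  # named object, left unresolved
    mask = tokens.pop(0)
    return str(ipaddress.ip_network(f"{first}/{mask}", strict=False))

def encryption_domains(config):
    """Map (crypto map name, sequence) -> peer, ACL and (local, remote) pairs."""
    acls, entries = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"access-list (\S+) extended permit ip (.+)", line)
        if m:
            tokens = m.group(2).split()
            acls.setdefault(m.group(1), []).append((_take_addr(tokens), _take_addr(tokens)))
            continue
        m = re.match(r"crypto map (\S+) (\d+) (match address|set peer) (\S+)", line)
        if m:
            entry = entries.setdefault((m.group(1), int(m.group(2))), {})
            entry["acl" if m.group(3) == "match address" else "peer"] = m.group(4)
    for entry in entries.values():
        entry["domains"] = acls.get(entry.get("acl"), [])
    return entries

if __name__ == "__main__":
    for (name, seq), e in sorted(encryption_domains(SAMPLE_CONFIG).items()):
        for local, remote in e["domains"]:
            print(f"{name} {seq} peer={e.get('peer')} {local} -> {remote}")
```

A crypto map entry whose ACL is missing from the config comes back with an empty "domains" list, which is worth flagging during a review.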
04-28-2020 06:55 AM
Several commands you can use, but the best one in my opinion is (where xxx.xxx.xxx.xxx is the public IP of the site to site peer):
show crypto ipsec sa peer xxx.xxx.xxx.xxx