Encryption domain

TroyBolton
Level 1

Hello,

 

What command would I run on an ASA to show the encryption domain(s)?

 

Regards

 

Troy

2 Replies

Hi,
The ASA uses access-lists to define the interesting traffic to be encrypted and transmitted over a VPN tunnel. Find the crypto map entry, then note the ACL being used to "match address"; this references the ACL, e.g.:

 

crypto map MAP 10 match address SITE1_VPN

access-list SITE1_VPN extended permit ip 10.20.0.0 255.255.252.0 10.10.0.0 255.255.252.0

 

HTH
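
The lookup described in the reply above (crypto map entry, then its "match address" ACL), as an added example that is not part of the original posts. It parses a constructed running-config excerpt; the `set peer` lines, the second ACL and all addresses are assumptions, and only `extended permit ip` entries with literal networks, `host` or `any` are resolved.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of ASA running-config lines (peers and networks are examples).
SAMPLE_CONFIG = """\
access-list SITE1_VPN extended permit ip 10.20.0.0 255.255.252.0 10.10.0.0 255.255.252.0
access-list SITE1_VPN extended permit ip host 10.20.8.5 10.10.0.0 255.255.252.0
access-list SITE2_VPN extended permit ip 10.20.0.0 255.255.252.0 any
crypto map MAP 10 match address SITE1_VPN
crypto map MAP 10 set peer 203.0.113.10
crypto map MAP 20 match address SITE2_VPN
crypto map MAP 20 set peer 198.51.100.7
"""

def _take_addr(tokens):
    """Consume one ASA address spec from tokens; return (label, remaining tokens)."""
    head = tokens[0]
    if head in ("any", "any4"):
        return "0.0.0.0/0", tokens[1:]
    if head == "host":
        return tokens[1] + "/32", tokens[2:]
    if head in ("object", "object-group"):
        return head + " " + tokens[1], tokens[2:]  # named objects are not expanded
    net = ipaddress.ip_network(f"{head}/{tokens[1]}", strict=False)
    return str(net), tokens[2:]

def encryption_domains(config):
    """Map (crypto map name, sequence) -> peer, ACL name and (local, remote) pairs."""
    acls = defaultdict(list)
    entries = defaultdict(lambda: {"peer": None, "acl": None, "pairs": []})
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            local, rest = _take_addr(t[5:])
            remote, _ = _take_addr(rest)
            acls[t[1]].append((local, remote))
        elif t[:2] == ["crypto", "map"] and len(t) >= 7 and t[3].isdigit():
            key = (t[2], int(t[3]))
            if t[4:6] == ["match", "address"]:
                entries[key]["acl"] = t[6]
            elif t[4:6] == ["set", "peer"]:
                entries[key]["peer"] = t[6]
    for entry in entries.values():
        entry["pairs"] = acls.get(entry["acl"], [])  # empty if the ACL is missing
    return dict(entries)
```

An entry that comes back with an empty `pairs` list points at a crypto map referencing an ACL that is not defined in the parsed text, which is worth checking during a VPN configuration review.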

 

There are several commands you can use, but the best one in my opinion is (where xxx.xxx.xxx.xxx is the public IP of the site-to-site peer):

show crypto ipsec sa peer xxx.xxx.xxx.xxx

--
Please remember to select a correct answer and rate helpful posts