03-15-2018 03:57 AM - edited 03-08-2019 02:16 PM
Hi,
I have an ASA which has a tunnel configured with one of the clients. Now I need to verify what parameters have been defined for that tunnel via CLI or ASDM, e.g.:
Phase-1 (IKE)
Data Encryption Algorithm
Authentication (Data Integrity) Method
Diffie-Hellman Group
IKE Security Association lifetime in Seconds
Phase-2 (IPSec)
Data Encryption Algorithm
Perfect Forward Secrecy (PFS)
Diffie-Hellman (DH) Group
IPSec Security Association lifetime in Seconds
Any help would be much appreciated.
03-15-2018 06:34 AM
Hi,
I hope this command will be helpful to you.
show running-config crypto
Regards,
Deepak Kumar
03-16-2018 10:04 AM
:) I already checked that. However, you don't get full parameters. I was hoping to get something like sh isa sa detail, which gives you parameters as below:
IKE Peer: X.x.x.x
Type: L2L Role: initiator
Rekey : no State : MM_ACTIVE
Encrypt : 3des Hash: SHA
Auth: preshared Lifetime: 28800
How to get such details for phase 2, or am I missing something? I am trying to clear the confusion as I get confused between phase 1 & 2.
03-16-2018 10:14 AM
These commands will show you what has been configured for a VPN:
show run crypto ikev1
show run ipsec
show run tunnel-group
show run access-list
show run crypto map
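An added example, not part of any post in this thread: a small Python parser that sorts saved `show running-config crypto` output into Phase 1 (global `crypto ikev1 policy` blocks) and Phase 2 (the crypto map entry for one peer plus the transform sets it references). The function name `split_phases`, the sample configuration, and the names `TS-EXAMPLE`, `ACL-EXAMPLE` and peer `192.0.2.10` are constructed for illustration.

```python
import re

# Constructed sample of `show running-config crypto` output (not from the thread).
SAMPLE = """\
crypto ipsec ikev1 transform-set TS-EXAMPLE esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address ACL-EXAMPLE
crypto map outside_map 10 set pfs group5
crypto map outside_map 10 set peer 192.0.2.10
crypto map outside_map 10 set ikev1 transform-set TS-EXAMPLE
crypto map outside_map 10 set security-association lifetime seconds 3600
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 28800
"""

def split_phases(config, peer):
    """Return (phase1, phase2): IKEv1 policies by priority, and the peer's IPsec settings."""
    phase1, transforms, entries = {}, {}, {}
    policy = None  # the IKEv1 policy block currently being read, if any
    for line in config.splitlines():
        if m := re.match(r"crypto ikev1 policy (\d+)", line):
            policy = phase1.setdefault(int(m.group(1)), {})
        elif line.startswith(" ") and policy is not None:
            key, _, value = line.strip().partition(" ")
            policy[key] = value  # Phase 1: encryption, hash, group, lifetime, auth
        elif m := re.match(r"crypto ipsec ikev1 transform-set (\S+) (.+)", line):
            policy = None
            transforms[m.group(1)] = m.group(2).split()
        elif m := re.match(r"crypto map (\S+ \d+) set (.+)", line):
            policy = None
            entries.setdefault(m.group(1), []).append(m.group(2).split())
        else:
            policy = None
    phase2 = {}
    for settings in entries.values():
        # Only the map entry whose "set peer" line names this peer is relevant.
        if not any(w[0] == "peer" and peer in w[1:] for w in settings):
            continue
        for w in settings:
            if w[0] == "pfs":
                phase2["pfs"] = w[1] if len(w) > 1 else "enabled"
            elif w[:2] == ["ikev1", "transform-set"]:
                phase2["transform_sets"] = {n: transforms.get(n) for n in w[2:]}
            elif w[:3] == ["security-association", "lifetime", "seconds"]:
                phase2["lifetime_seconds"] = int(w[3])
    return phase1, phase2
```

IKEv1 policies on the ASA are global rather than per peer, so Phase 1 comes back as every candidate policy; the one actually negotiated is what `sh isa sa detail` reports. Values left at their defaults do not appear in the running configuration, so a missing key here means "default", not "disabled".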