Cisco IPSec Verification

Hello Experts,

Can someone please take a look at my configuration on datacenter, R222 and R223 and let me know how to verify that traffic is being encrypted between R223 and datacenter?

I know that traffic is being encrypted between the datacenter and R222 and R223 and R222, but I don't think traffic is being encrypted between datacenter and R223.

Cheers

Carlton

2 Replies

rvarelac
Level 7

Hi carltonpatterson 

You can check the tunnel between datacenter and R223 with the command "show crypto ipsec sa".

 

If you see the following output: 

 #pkts encaps: 289, #pkts encrypt: 289, #pkts digest: 289
    #pkts decaps: 290, #pkts decrypt: 290, #pkts verify: 290

Those encaps, decaps, encrypts and decrypts mean the traffic flowing through the IPsec tunnel is being encrypted.

 

You can do the following test: 

 

1. Clear the encaps / decaps with the command "Clear crypto ipsec sa"

   WARNING: THIS WILL BRING DOWN THE TUNNEL FOR A FEW SECONDS

2. Send traffic over the tunnel with a ping or any type of traffic.

3. Do a "Show crypto ipsec sa" and see if the encaps and decaps increment. 

 

- Hope this helps - 
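
The three-step check in the reply above, as an added example that is not part of the original post: a Python script that parses two saved `show crypto ipsec sa` outputs, taken before and after the test traffic, and reports per peer whether the encaps/encrypt and decaps/decrypt counters moved. The sample output is constructed (documentation addresses, trimmed to the lines that matter), and the function names are this example's own.

```python
import re

PEER = re.compile(r"current_peer\s+(\S+)")
COUNTER = re.compile(r"#pkts (encaps|encrypt|decaps|decrypt): (\d+)")

# Constructed sample output, trimmed to the peer and counter lines.
BEFORE = """\
   current_peer 192.0.2.2 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
   current_peer 192.0.2.3 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
AFTER = """\
   current_peer 192.0.2.2 port 500
    #pkts encaps: 289, #pkts encrypt: 289, #pkts digest: 289
    #pkts decaps: 290, #pkts decrypt: 290, #pkts verify: 290
   current_peer 192.0.2.3 port 500
    #pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

def parse_sa(text):
    """Return {peer: {counter: total}} from 'show crypto ipsec sa' text."""
    peers, current = {}, None
    for line in text.splitlines():
        m = PEER.search(line)
        if m:
            current = peers.setdefault(m.group(1), {})
        elif current is not None:
            for name, value in COUNTER.findall(line):
                # A peer may have several SAs (one per proxy identity); sum them.
                current[name] = current.get(name, 0) + int(value)
    return peers

def verify(before, after):
    """Compare two snapshots and classify each peer by which direction moved."""
    old, new = parse_sa(before), parse_sa(after)
    report = {}
    for peer, counters in new.items():
        base = old.get(peer, {})
        # If a counter went down, the SA was cleared in between: use the new value.
        delta = {k: v - base.get(k, 0) if v >= base.get(k, 0) else v for k, v in counters.items()}
        out_ok = delta.get("encaps", 0) > 0 and delta.get("encrypt", 0) > 0
        in_ok = delta.get("decaps", 0) > 0 and delta.get("decrypt", 0) > 0
        report[peer] = "ok" if out_ok and in_ok else (
            "outbound only" if out_ok else "inbound only" if in_ok else "no traffic")
    return report
```

A peer reported as "outbound only" is encrypting what it sends but has decrypted nothing coming back, which usually means the far end is not returning traffic through the tunnel.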

nkarthikeyan
Level 7

Hi,

 

Your connectivity is like this

r223 <--> r222 <--> data center

 

So if you enabled the routing updates from DC to 223 and 223 to DC, they will go via the tunnel and hence will be encrypted. In your case, if you have 222 as hub and the other 2 sites as spokes and you enabled spoke-to-spoke communication, your requirement will go as encrypted.

 

Regards

Karthik