Thanks Aditya.

yuhuiyao · ‎04-17-2009

How can I detect how long the IPSEC tunnel has been up on the router? Is there any similiar command such as "show vpn-sessiondb l2l" on the router?

Thanks,

Ivan Martinon · ‎04-17-2009

You can do a "show crypto ipsec sa detail" and a "show crypto isakmp sa detail" both of them will give you the remaining time of the configured lifetime. By default the router has 3600 seconds as lifetime for ipsec and 86400 seconds for IKE.

ciscolover · ‎07-27-2017

¿When the life time finish the tunnel is retablished causing a cut on it?

¿if the tunnel is passing traffic the tunnel stays active and working?

Aditya Ganjoo · ‎07-27-2017

Hi,

You can use the command :

sh cry isa sa detailed

sh cry sess remote <ip> detailed

Regards,

Aditya

Please rate helpful and mark correct answers

ciscolover · ‎07-27-2017

Thanks Aditya.

I suppose that when I type the command sh cry sess remote <ip>, detailed "uptime" means that the tunnel is established that period of time and there were no downs.

On the other side, when the lifetime of the SA is over, ¿ the tunnel goes down?

Aditya Ganjoo · ‎07-27-2017

Hi,

This is the only command to check the uptime.

In case you need to check the SA timers for Phase 1 and Phase 2

sh cry isa sa detailed

sh cry ipsec sa peer <>

Regards,

Aditya

Please rate helpful and mark correct answers

ciscolover · ‎07-27-2017

Ok thanks ¡¡

When the lifetime of the SA is over, the tunnel goes down? or not?

Aditya Ganjoo · ‎07-27-2017

Hi,

It depends if traffic is passing through the tunnel or not.

Regards,

Aditya

Please rate helpful and mark correct answers

ciscolover · ‎07-28-2017

With a ping passing about the tunnel and the timer explired, the SA are renegotiated but the tunnel stay UP and the ping not losses any packet.