
How can I detect how long the IPSEC tunnel has been up on the router?

yuhuiyao
Beginner

How can I detect how long the IPSEC tunnel has been up on the router? Is there any similar command such as "show vpn-sessiondb l2l" on the router?

Thanks,

8 REPLIES

Ivan Martinon
Rising star

You can do a "show crypto ipsec sa detail" and a "show crypto isakmp sa detail"; both of them will give you the remaining time of the configured lifetime. By default the router has 3600 seconds as the lifetime for IPsec and 86400 seconds for IKE.

When the lifetime finishes, is the tunnel re-established, causing a cut on it?

If the tunnel is passing traffic, does the tunnel stay active and working?

Hi,

You can use the commands:

sh cry isa sa detailed

sh cry sess remote <ip> detailed

Regards,

Aditya

Please rate helpful and mark correct answers

Thanks Aditya. 

I suppose that when I type the command sh cry sess remote <ip> detailed, "uptime" means that the tunnel has been established for that period of time and there were no downs.

On the other hand, when the lifetime of the SA is over, does the tunnel go down?

Hi,

This is the only command to check the uptime.

In case you need to check the SA timers for Phase 1 and Phase 2:

sh cry isa sa detailed

sh cry ipsec sa peer <>

Regards,

Aditya

Please rate helpful and mark correct answers
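
Added example (not part of any post above, and not Cisco code): a small Python parser that pulls the session uptime apart from the remaining Phase 1 and Phase 2 SA lifetimes reported by the commands in this thread, for use in monitoring scripts. The sample output is constructed, and its layout, including compact uptime forms such as 2d03h, is an assumption about how IOS prints these fields.

```python
import re

# Constructed sample modelled on "show crypto session remote <ip> detail".
# Addresses are documentation ranges; counters and timers are made up.
SAMPLE = """\
Interface: Tunnel0
Uptime: 00:29:40
Session status: UP-ACTIVE
Peer: 192.0.2.10 port 500 fvrf: (none) ivrf: (none)
  IKE SA: local 198.51.100.1/500 remote 192.0.2.10/500 Active
          Capabilities:(none) connid:1 lifetime:23:30:20
  IPSEC FLOW: permit ip 10.1.1.0/255.255.255.0 10.2.2.0/255.255.255.0
        Active SAs: 2, origin: crypto map
        Inbound:  #pkts dec'ed 4120 drop 0 life (KB/Sec) 4605665/1820
        Outbound: #pkts enc'ed 4098 drop 0 life (KB/Sec) 4605665/1820
"""

UNITS = {"y": 31536000, "w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}


def to_seconds(text):
    """Convert hh:mm:ss, or an assumed compact form (2d03h, 1w2d), to seconds."""
    if ":" in text:
        h, m, s = (int(p) for p in text.split(":"))
        return h * 3600 + m * 60 + s
    parts = re.findall(r"(\d+)([ywdhms])", text)
    if not parts:
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)


def parse_session(output):
    """Return session status, uptime, and remaining Phase 1 / Phase 2 lifetimes."""
    uptime = re.search(r"^Uptime:\s*(\S+)", output, re.M)
    status = re.search(r"^Session status:\s*(\S+)", output, re.M)
    ike = re.search(r"lifetime:(\d+:\d+:\d+)", output)
    ipsec = re.findall(r"life \(KB/Sec\) \d+/(\d+)", output)
    return {
        "status": status.group(1) if status else None,
        "uptime_s": to_seconds(uptime.group(1)) if uptime else None,
        "ike_remaining_s": to_seconds(ike.group(1)) if ike else None,
        # Report the SA that will expire first across inbound/outbound.
        "ipsec_remaining_s": min(map(int, ipsec)) if ipsec else None,
    }


if __name__ == "__main__":
    print(parse_session(SAMPLE))
```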