how to list remote subnets connected over a site-to-site vpn

raviluchmun
Level 1

Hi,

 

Why does the command show ip route not list subnets that are reachable over an active VPN connection?

 

I know there exist commands like show crypto ipsec sa which could give you some details about active VPN sessions, but you have to read through all the output.

 

Do any other commands actually exist which would list "vpn subnets"?

This link for a different product shows a command which actually lists all VPN subnets.

 

Thanks

Ravi

1 Reply

Marvin Rhoads
Hall of Fame

The IPsec SAs are formed as a result of the access-list that is referenced in the crypto map for a given site-site VPN.

For that reason, I try to use access-lists with human readable names so I can easily have a look at the ACL to know which subnets (or, more accurately, local-remote subnet pairs) are covered in a given site-site VPN.

As you noted, the "show crypto ipsec sa" command is the most definitive, although it often gives you more information than you want. I sometimes use that and trim the output by piping it to an "include" statement.
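
An offline alternative to trimming on the device, added here as an example and not part of the reply above: a Python parser that reduces saved "show crypto ipsec sa" output to one local/remote subnet pair per SA, grouped by peer. The function name `vpn_subnets`, the sample text, and the line layout it matches (`local ident`, `remote ident`, `current_peer`, `#pkts encaps`, with and without the colon after `current_peer`) are assumptions; the sample is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, cut down to the lines the parser reads. Real output has
# many more counters and SPI details per SA. Two layout variants are mixed on
# purpose to show the patterns tolerate both.
SAMPLE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.1

      local ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.0.0/255.255.255.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120

      local ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.3.0.0/255.255.0.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

   local  ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.5.0/255.255.255.0/0/0)
   current_peer 192.0.2.77 port 500
    #pkts encaps: 7, #pkts encrypt: 7, #pkts digest: 7
"""

IDENT = re.compile(r"(local|remote)\s+ident\s+\(addr/mask/prot/port\):\s+\(([\d.]+)/([\d.]+)/")
PEER = re.compile(r"current_peer:?\s+([\d.]+)")
ENCAPS = re.compile(r"#pkts encaps:\s+(\d+)")

def vpn_subnets(text):
    """Return {peer: [(local_net, remote_net, pkts_encaps), ...]}."""
    result, ident, peer = defaultdict(list), {}, None
    for line in text.splitlines():
        if m := IDENT.search(line):
            # Dotted mask is converted to prefix length by ip_network.
            ident[m.group(1)] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
        elif m := PEER.search(line):
            peer = m.group(1)
        elif (m := ENCAPS.search(line)) and peer and len(ident) == 2:
            # The encaps counter closes one SA record; emit it and reset state.
            result[peer].append((str(ident["local"]), str(ident["remote"]), int(m.group(1))))
            ident, peer = {}, None
    return dict(result)

if __name__ == "__main__":
    for peer, pairs in vpn_subnets(SAMPLE).items():
        for local, remote, encaps in pairs:
            print(f"{peer:15} {local:18} <-> {remote:18} encaps={encaps}")
```

A pair whose encaps counter stays at 0 has an SA entry but has sent no traffic through it, which is worth checking against the crypto ACL.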