11-26-2005 10:08 AM - edited 02-21-2020 02:07 PM
Hello, is there any command that can show the number of VPN connections to the pix firewall, the ip addresses it has leased to these connections and the source ip. Like the "show ssh session" will do.
Thanks
D.
Solved! Go to Solution.
11-26-2005 04:04 PM
"sh crypto ipsec sa" will provide the required info. however, it provides many other statistics as well, which may not be required.
e.g.
pix# sh cry ips sa
interface: outside
Crypto map tag: csgvpn, local addr.
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (
current_peer: 220.233.111.107:4500
dynamic allocated peer ip:
PERMIT, flags={transport_parent,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.:
path mtu 1500, ipsec overhead 64, media mtu 1500
current outbound spi: 4262e8b6
inbound esp sas:
spi: 0x26a0e09f(648077471)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
slot: 0, conn id: 6, crypto map: csgvpn
sa timing: remaining key lifetime (k/sec): (4607999/28720)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x4262e8b6(1113778358)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
slot: 0, conn id: 5, crypto map: csgvpn
sa timing: remaining key lifetime (k/sec): (4607999/28702)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
11-26-2005 04:04 PM
"sh crypto ipsec sa" will provide the required info. however, it provides many other statistics as well, which may not be required.
e.g.
pix# sh cry ips sa
interface: outside
Crypto map tag: csgvpn, local addr.
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (
current_peer: 220.233.111.107:4500
dynamic allocated peer ip:
PERMIT, flags={transport_parent,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.:
path mtu 1500, ipsec overhead 64, media mtu 1500
current outbound spi: 4262e8b6
inbound esp sas:
spi: 0x26a0e09f(648077471)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
slot: 0, conn id: 6, crypto map: csgvpn
sa timing: remaining key lifetime (k/sec): (4607999/28720)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x4262e8b6(1113778358)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
slot: 0, conn id: 5, crypto map: csgvpn
sa timing: remaining key lifetime (k/sec): (4607999/28702)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide