Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1027
Views
0
Helpful
1
Replies

Show open ports in VPN tunnel

umbernaut
Level 1
Level 1

‎12-28-2010 12:59 PM

I have a Cisco 2811 router with IOS Version 15.1(1)T.  The "show control-plane host open-ports" will show me IPs and ports being used like netstat, but it does not show networks in the VPN tunnel.  How do I see the ports being used there?

-L

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎12-28-2010 03:16 PM

L,

I'm not sure what you actually want to see, the behavior of ports is quite well defined...

You can check

R0#sh crypto isakmp peers 
Peer: 10.0.0.101 Port: 500 Local: 10.0.0.1
 Phase1 id: GROUP

or in more depth:

R0#sh crypto session 
Crypto session current status

Interface: Virtual-Access2
Username: tonno
Profile: WHATEVER
Group: GROUP
Assigned address: 111.0.0.11
Session status: UP-ACTIVE     
Peer: 10.0.0.101 port 500 
  IKE SA: local 10.0.0.1/500 remote 10.0.0.101/500 Active 
  IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 
        Active SAs: 2, origin: crypto map

(you can even ask for "detail" to this one).

Marcin

0 Helpful
Customers Also Viewed These Support Documents