cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
720
Views
0
Helpful
3
Replies

Uptime for VPN tunnel on PIX?

tkpsimon
Level 1
Level 1

Hi, just wonder if we can tell the uptime of each phase for a VPN tunnel on PIX? any command that we could use to at least identify the SA, beside looking at the SPI number? any idea would be appreciate. thanks

3 Replies 3

gfullage
Cisco Employee
Cisco Employee

"sho cry ipsec sa" will tell you details about each set of SA's for each tunnel. The local ident and remote ident show you which traffic pattern this tunnel is for, and the "inbound esp sa" and "outbound esp sa" sections show you each individual SA, along with how many seconds they have left before they're rebuilt.

No way to get this info for Phase 1 though I think.

Thanks for your reply, I didn't really look into the sho cry ipsec sa information before, didn't know there is a timing for the SA to rebuilt. Just confirm there is no way like concentrator, showing the tunnel has been up for how long right?

anyway, thanks a lot

No, there isn't, sorry.