06-10-2003 06:02 AM - edited 02-21-2020 12:36 PM
Hi, just wonder if we can tell the uptime of each phase for a VPN tunnel on PIX? any command that we could use to at least identify the SA, beside looking at the SPI number? any idea would be appreciate. thanks
06-10-2003 09:24 PM
"sho cry ipsec sa" will tell you details about each set of SA's for each tunnel. The local ident and remote ident show you which traffic pattern this tunnel is for, and the "inbound esp sa" and "outbound esp sa" sections show you each individual SA, along with how many seconds they have left before they're rebuilt.
No way to get this info for Phase 1 though I think.
06-11-2003 01:04 PM
Thanks for your reply, I didn't really look into the sho cry ipsec sa information before, didn't know there is a timing for the SA to rebuilt. Just confirm there is no way like concentrator, showing the tunnel has been up for how long right?
anyway, thanks a lot
06-11-2003 07:07 PM
No, there isn't, sorry.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide