Solved: VPN tunnel Up time

tankvishal1108 · ‎12-22-2016

Hi guys,

I am curious how to check isakmp tunnel up time on router the way we can see on firewall.

Ex. On ASA

ASA(config)# sh vpn-sessiondb l2l

Session Type: LAN-to-LAN

Connection : 150.1.13.3
Index : 3 IP Addr : 150.1.13.3
Protocol : IKEv1 IPsec
Encryption : 3DES Hashing : MD5
Bytes Tx : 69400 Bytes Rx : 69400
Login Time : 13:17:08 UTC Thu Dec 22 2016
Duration : 0h:04m:29s

Is there any way to check on 7200 series router.

Rahul Govindan · ‎12-22-2016

"show crypto session <brief | detail>" should show this information:

The following is sample output from the show crypto session brief command:

Router# show crypto session brief 


Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating 

        K - No IKE

ivrf = (none)

           Peer        I/F     Username     Group/Phase1_id    Uptime      Status        

           10.1.1.2    Vi2     cisco        easy               00:50:30    UA

The following is sample output from the show crypto session detail command:

Router# show crypto session detail


Crypto session current status 


Code: C - IKE Configuration mode, D - Dead Peer Detection 

K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication 


Interface: Virtual-Access2

Username: cisco

Profile: prof

Group: easy

Assigned address: 10.3.3.4

Uptime: 00:49:33

Session status: UP-ACTIVE 

Peer: 10.1.1.2 port 500 fvrf: (none) ivrf: (none)

Phase1_id: easy

Desc: (none)

IKE SA: local 10.1.1.1/500 remote 10.1.1.2/500 Active 

Capabilities:CX connid:1002 lifetime:23:10:15

IPSEC FLOW: permit ip 10.0.0.0/0.0.0.0 host 10.3.3.4 

Active SAs: 2, origin: crypto map

Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 4425776/626

Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 4425776/626

View solution in original post

Rahul Govindan · ‎12-22-2016

"show crypto session <brief | detail>" should show this information:

The following is sample output from the show crypto session brief command:

Router# show crypto session brief 


Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating 

        K - No IKE

ivrf = (none)

           Peer        I/F     Username     Group/Phase1_id    Uptime      Status        

           10.1.1.2    Vi2     cisco        easy               00:50:30    UA

The following is sample output from the show crypto session detail command:

Router# show crypto session detail


Crypto session current status 


Code: C - IKE Configuration mode, D - Dead Peer Detection 

K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication 


Interface: Virtual-Access2

Username: cisco

Profile: prof

Group: easy

Assigned address: 10.3.3.4

Uptime: 00:49:33

Session status: UP-ACTIVE 

Peer: 10.1.1.2 port 500 fvrf: (none) ivrf: (none)

Phase1_id: easy

Desc: (none)

IKE SA: local 10.1.1.1/500 remote 10.1.1.2/500 Active 

Capabilities:CX connid:1002 lifetime:23:10:15

IPSEC FLOW: permit ip 10.0.0.0/0.0.0.0 host 10.3.3.4 

Active SAs: 2, origin: crypto map

Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 4425776/626

Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 4425776/626

GRANT3779 · ‎12-22-2016

Hi,

Not 100% sure for the 7200 series, but in IOS I can use

show crypto isakmp sa

show crypto ipsec sa