Professional Documents
Culture Documents
Commands
show security ipsec tunnels
Tunnel counts
Print interfaces+Ips
Print access
show logfile
realm information
counts
IP
Address
------------------127.0.0.1/8
v6::1
5.194.192.52/25
169.254.1.2/30
169.254.2.2/30
66.94.29.39/28
10.17.2.111/24
10.161.183.84/28
66.94.29.41/28
10.17.2.113/24
Gateway
Address
---------------66.94.29.33
10.17.2.1
SGW Page 1
Admin
State
----up
up
Oper
State
----up
up
up
up
up
up
up
up
up
up
0
1
1
0
0 M01
674 M10
10.17.2.113/24
10.161.183.86/28
10.17.2.1
10.161.183.81
up
up
up
up
SGW Page 2
max-jitter
max-packet-loss
observ-window-size
parent-realm
dns-realm
media-policy
in-translationid
out-translationid
in-manipulationid
out-manipulationid
manipulation-string
class-profile
average-rate-limit
access-control-trust-level
invalid-signal-threshold
maximum-signal-threshold
untrusted-signal-threshold
nat-trust-threshold
deny-period
ext-policy-svr
symmetric-latching
pai-strip
trunk-context
early-media-allow
enforcement-profile
additional-prefixes
restricted-latching
restriction-mask
accounting-enable
user-cac-mode
user-cac-bandwidth
user-cac-sessions
icmp-detect-multiplier
icmp-advertisement-interval
icmp-target-ip
monthly-minutes
net-management-control
delay-media-update
refer-call-transfer
codec-policy
codec-manip-in-realm
constraint-name
call-recording-server-id
stun-enable
stun-server-ip
stun-server-port
stun-changed-ip
stun-changed-port
match-media-profiles
qos-constraint
last-modified-by
last-modified-date
0
0
0
0
none
0
0
0
0
30
disabled
disabled
none
32
enabled
none
0
0
0
0
0
disabled
disabled
disabled
disabled
disabled
0.0.0.0
3478
0.0.0.0
3479
afoster33@5.217.137.55
2012-07-31 08:28:41
SGW Page 3
retry-timeout
health-score
dns-ip-primary
dns-ip-backup1
dns-ip-backup2
dns-domain
dns-timeout
hip-ip-list
ftp-address
icmp-address
snmp-address
telnet-address
last-modified-by
last-modified-date
task done
1
30
66.94.9.80
t-mobile.com
11
66.94.29.39
66.94.29.39
admin@5.248.29.52
2009-11-13 15:38:09
access-sainfo
esp-auth
sha1
aes
tunnel
66.94.29.39
*
admin@5.249.29.46
2009-11-11 17:26:45
eit-sainfo
esp-auth
sha1
aes
tunnel
10.17.2.111
*
admin@5.249.29.46
2009-11-11 17:27:28
66.166.60.3
11
allocated
7.128.0.111
74.116.24.9
10
allocated
7.128.0.120
76.164.159.113
12
allocated
7.128.0.122
73.176.4.32
11
allocated
7.128.0.125
24.248.245.202
10
allocated
7.128.0.131
65.121.58.198
13
allocated
7.128.0.144
12.227.10.171
11
allocated
7.128.0.159
99.157.132.206
11
allocated
: 2
SGW Page 4
IKE Version
Tunnel State
Last Response [Seconds]
AAA Identity
NAT
:
:
:
:
:
2
Up
79
IP Addresses [IP:Port]
Peer
Server Instance
: 66.166.60.3:4500
: 66.94.29.39:500
Cookies
Initiator
Responder
: 0xbd7647558b4ba5c6
: 0xc55006dea39b664c
Algorithms
DH Group
Hash
MAC
Cipher
:
:
:
:
SA Times [Seconds]
Creation
Expiry
Remaining
: 2213760
: 259200
: 86318
Yes
2
HMAC-SHA1
SHA1-96
AES_CBC
IPSec SA:
IP Addresses [IP:Port]
Destination
Source
: 7.128.0.110:0
: 10.160.0.0:0
SPI
Outbound
Inbound
Algorithms
Mode
Protocol
Authentication
Encryption
: 3326292221
: 3350292097
:
:
:
:
TUNNEL
ESP
SHA1
AES
:
:
:
:
:
:
:
:
:
:
7.128.0.110
0
0
ALL
1209
29344
aes-128-cbc
hmac-sha1
66.94.29.39
SGW Page 5
tunnel-source
: 66.94.29.39
tunnel-destination
: 66.166.60.3
mtu
: 1428
flags 0x
66800
C
byte count limit hard ms: 0xFFFFFFFF, hard ls: 0xFFFFFFFF
soft ms: 0xFFFFFFFF, soft ls: 0xFFFFFFFF
time limit hard: 0x5361AC98, soft: 0x5361AC7A
seq ms: 0x
0, seq ls: 0x
3409
SGWCHI06# show security ipsec sad M00:1209 detail spi 3350292097
WARNING: This action might affect system performance and take a long time to
finish.
Are you sure [y/n]?: y
IPSEC security-association-database for interface 'M00:1209':
Displaying SA's that match the following criteria spi
: 3350292097
direction
: both
ipsec-proto
: any
src-addr-prefix
: any
src-port
: any
dst-addr-prefix
: any
dst-port
: any
trans-proto
: ALL
Inbound, SPI: 3350292097
destination-address
: 66.94.29.39
vlan-id
: 1209
ipsec-protocol
: Unknown
sad-index
: 29304
encr-algo
: aes-128-cbc
auth-algo
: hmac-sha1
match fields:
src-ip
: 7.128.0.110
dst-ip
:
src-port
: 0
dst-port
: 0
vlan-id
: 1209
trans-proto
: ALL
mask fields:
src-ip
: 255.255.255.255
dst-ip
:
src-port
: 0
dst-port
: 0
vlan-id
: 4095
protocol
: 0
flags 4066800, ls:
C
byte count limit hard ms: 0xFFFFFFFF, hard ls: 0xFFFFFFFF
soft ms: 0xFFFFFFFF, soft ls: 0xFFFFFFFF
hard limit hard: 0x5361AC98, soft: 0x5361AC7A
seq ms: 0x
0, seq ls: 0x
28E6
SGW Page 6