show crypto ipsec transform-set

Last Updated : Nov 06, 2012 |

Displays the configuration for the specified transform-set or all transform-sets.

Syntax

show crypto ipsec transform-set [transform-set-name]

Parameters

Parameter

Description

Possible Values

Default Value

transform-set-name

The name of the transform set you want to display. If you do not enter a value, all transform-sets are displayed.

User level

read-only

Context

general

Example

To display the configuration for all transform-sets:

Gxxx-001(super)# show crypto ipsec transform-set
Showing 10 rows
Name                ESP Enc ESP Hash PCP PFS Life Sec   Life KB    Mode
------------------- ------- -------- --- --- ---------- ---------- ------
ts1                 aes     sha-hmac No  No        3600    4608000 Tunnel
ts18                aes-192 md5-hmac No  No        3600    4608000 Tunnel
ts2                 des     sha-hmac No  No        3600    4608000 Tunnel
ts3                 des     md5-hmac No  No        3600    4608000 Tunnel
ts4                 aes-256 sha-hmac No  No        3600    4608000 Tunnel
ts5                 3des    md5-hmac No  No        3600    4608000 Tunnel
ts6                 aes-192 sha-hmac No  No        3600    4608000 Tunnel
ts7                 3des    sha-hmac No  No        3600    4608000 Tunnel
tsDef               3des    sha-hmac No  #2        3600    4608000 Tunnel
tsVoip              des     sha-hmac No  No        3600    4608000 Tunnel

Output fields

Name

Description

Name

the name of the transform-set

ESP Enc

the type of encryption required for ESP traffic

ESP Hash

the type of HMAC (Hash Message Authentication Code) required for ESP traffic

PCP

whether IP Payload Compression is required

PFS

whether Perfect Forward Secrecy is required when negotiating the SA, and if so, which Diffie-Hellman group to use

Life sec

the required lifetime of the SA, in seconds

Life KB

the required lifetime of the SA, in kilobytes

Mode

the required encapsulation mode — tunnel or transport