show crypto isakmp sa

Last Updated : Nov 06, 2012 |

Displays the ISAKMP SA database status.

Syntax

show crypto isakmp sa

User level

read-only

Context

general

Example

To display the ISAKMP SA database status:

Gxxx-001(super)# show crypto isakmp sa
Showing 6 rows:
C-id Local           Remote            State    Encr   Hash  Aut  DH TTL      DPD Nat-T
---- --------------- ---------------   -------   ----   ----  ---- -- -------- --- ----
1    123.123.123.123 133.133.133.133   Ready    des    md5   psk  1  29600   Yes  No 
vpn.nj.avaya.com
2    222.123.123.123 111.133.133.133   AM Neg 
5    1.1.1.1         2.2.2.2           MM Neg
10   1.1.1.1         3.3.3.3           No-Srvc   aes256 sha   psk  2  80000   Yes Yes
17   123.1.2.1       135.34.3.2        Delete   3des   sha   psk  2     20    No  No
25   1.1.1.1         4.4.4.4           Backoff

Output fields

Name

Description

C-id

Connection ID (set using the crypto map command)

Local

IP address of local peer

Remote

IP address of remote peer

State

The state of the ISAKMP SA

  • Ready — ready to pass ISAKMP information

  • MM Neg — Main Mode Negotiation

  • AM Neg — Aggressive Mode Negotiation

  • No-Srvc — in Deactivate process

  • Delete — in Delete process

  • Backoff — in Back-off period, after remote peer presumed dead

Encr

The encryption algorithm used (des, 3des, aes, aes-192, or aes-256)

Hash

The hashing algorithm used (md5 or sha)

Aut

The authentication type

DH

The Diffie-Hellman group

TTL

Time left for SA (set using the lifetime command in crypto isakmp policy context)

DPD

Whether Dead Peer Detection is enabled

Nat-T

Whether NAT-traversal is enabled