VPN configuration task list
367
SmartWare Software Configuration Guide
32 • VPN configuration
Example:
Display IPsec transformation profiles
node(cfg)#show profile ipsec-transform
IPSEC transform profiles:
Name: AES_128
ESP Encryption: AES-CBC, Key length: 128
Example:
Display IPsec policy profiles
node(cfg)#show profile ipsec-policy-manual
Manually keyed IPsec policy profiles:
Name: ToBerne, Peer: 200.200.200.1, Mode: tunnel, transform-profile: AES_128
ESP SPI Inbound: 1111, Outbound: 2222
ESP Encryption Key Inbound: 1234567890ABCDEF1234567890ABCDEF
ESP Encryption Key Outbound: FEDCBA0987654321FEDCBA0987654321
Debugging IPsec
A debug monitor and an additional
show
command are at your disposal to debug IPsec problems.
Procedure:
To debug IPsec connections
Mode:
Configure
Example:
IPsec Debug Output
node(cfg)#debug ipsec
IPSEC monitor on
23:11:04 ipsec > Could not find security association for inbound ESP packet.
SPI:1201
Example:
Display IPsec Security Associations
node(cfg)#show ipsec security-associations
Active security associations:
Dir Type Policy Mode Udp-Encapsulation
Peer SPI AH SPI ESP AH ESP-Auth ESP-Enc
Bytes (processed/lifetime) Seconds (age/lifetime)
Step
Command
Purpose
1
node
(cfg)#debug ipsec
Enables IPsec debug monitor
2
optional
node
(cfg)#show ipsec security-associ-
ations
Summarizes the configuration information of all
IPsec connections. If an IPsec connection does
not show up, then one or more parameters are
missing in the respective Policy Profile.
The information ‘Bytes (processed)’ supports
debugging because it indicates whether IPsec
packets depart from (‘OUT’) or arrive at (‘IN’) the
SmartNode.
Содержание SmartNode Series
Страница 250: ...RIP configuration task list 250 SmartWare Software Configuration Guide 23 RIP configuration rip enabled ...
Страница 635: ...635 Appendix A Terms and definitions Chapter contents Introduction 636 SmartWare architecture terms and definitions 636 ...
Страница 641: ...641 Appendix B Mode summary Chapter contents Introduction 642 ...
Страница 648: ...648 Appendix D Internetworking terms acronyms Chapter contents Abbreviations 649 ...
Страница 653: ...653 Appendix E Used IP ports available voice codecs Chapter contents Used IP ports 654 Available voice codecs 655 ...