Command:

debug crypto ipsec


Mode:

Router#


Syntax:

debug crypto ipsec

no debug crypto ipsec

 

Syntax Description:

This command has no arguments or keywords.

 

Command Description:

To display IPSec events, use the debug crypto ipsec privileged EXEC command. The no form of this command disables debugging output.


Example:

The following is sample output from the debug crypto ipsec command. In this example, security associations (SAs) have been successfully established.

Router# debug crypto ipsec
00:24:30: IPSEC(sa_request): ,
(key eng. msg.) src= 172.21.114.123, dest= 172.21.114.67,
src_proxy= 172.21.114.123/255.255.255.255/0/0 (type=1),
dest_proxy= 172.21.114.67/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 120s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
00:24:30: IPSEC(sa_request): ,
(key eng. msg.) src= 172.21.114.123, dest= 172.21.114.67,
src_proxy= 172.21.114.123/255.255.255.255/0/0 (type=1),
dest_proxy= 172.21.114.67/255.255.255.255/0/0 (type=1).,
protocol= AH, transform= ah-sha-hmac ,
lifedur= 120s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0.
00:24:34: IPSEC(key_engine): got a queue event...
00:24:34: IPSEC(spi_response): getting spi 302974012ld for SA
from 172.21.114.67 to 172.21.114.123 for prot 3
00:24:34: IPSEC(spi_response): getting spi 525075940ld for SA
from 172.21.114.67 to 172.21.114.123 for prot 2


Misconceptions:

None.


Related Commands:

None.


© Cisco Systems, Inc. 2001, 2002
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)