Command:  

show crypto ipsec transform-set


Mode:

Router#

Router>


Syntax:

show crypto ipsec transform-set [ tagtransform-set-name]


Syntax Description:

tag transform-set-name

(Optional) Only the transform sets with the specified transform-set-name are displayed.

 

Command Description:

To view the configured transform sets, use the show crypto ipsec transform-setcommand in EXEC mode.


Example:

The following is sample output for the show crypto ipsec transform-setcommand:

Router# show crypto ipsec transform-set

Transform set combined-des-sha: {esp-des esp-sha-hmac}

will negotiate = { Tunnel, },

Transform set combined-des-md5: {esp-des esp-md5-hmac}

will negotiate = { Tunnel, },

Transform set t1: {esp-des esp-md5-hmac}

will negotiate = {Tunnel,},

Transform set t100: {ah-sha-hmac}

will negotiate = {Transport,},

Transform set t2: {ah-sha-hmac}

will negotiate = {Tunnel,},

{ esp-des }

will negotiate = {Tunnel,},

The following configuration was in effect when the previous show crypto ipsec transform-setcommand was issued:

crypto ipsec transform-set combined-des-sha esp-des esp-sha-hmac

crypto ipsec transform-set combined-des-md5 esp-des esp-md5-hmac

crypto ipsec transform-set t1 esp-des esp-md5-hmac

crypto ipsec transform-set t100 ah-sha-hmac

 mode transport

crypto ipsec transform-set t2 ah-sha-hmac esp-des

The following sample output from the s how crypto ipsec transform-setcommand displays a warning message after a user tries to configure an IPSec transform that the hardware does not support:

Router#  show crypto ipsec transform-set

Transform set transform-1:{ esp-256-aes esp-md5-hmac }

will negotiate = { Tunnel, },

WARNING:encryption hardware does not support transform

esp-aes 256 within IPSec transform transform-1


Misconceptions:

None


Related commands:

 

crypto isakmp transform-set


© Cisco Systems, Inc. 2001, 2002
World Wide Education










Converted from CHM to HTML with chm2web Pro 2.85 (unicode)