Monitoring the IPsec Transport Connections Information

Purpose

Display information about transport connections.

Action

To display information about transport connections:

host1:vr11#show ipsec transport interface
IPSEC transport interface 5 is Up
IPSEC transport interface 6 is Up
2 Ipsec transport interfaces found

To display information about a particular transport connection:

host1:vr11#show ipsec transport interface 5
IPSEC transport interface 5 is Up

To display detailed information about a transport connection:

host1:vr11#show ipsec transport interface detail 5
IPSEC transport interface 5 is Up
  Configuration
    Virtual router vr00
    Application gre
    No pfs group
    Mtu is 1440
    Local address is 10.255.0.61
    Remote address is 10.255.0.62
    Local identity is subnet 10.255.0.61 255.255.255.255, proto 47, port 0
    Remote identity is subnet 10.255.0.62 255.255.255.255, proto 47, port 0
    Inbound spi 0x15c30204
    Inbound transform transport-esp-3des-sha1
    Inbound lifetime 900 seconds 102400 kilobytes
    Outbound spi is 0x16a10205
    Outbound transform transport-esp-3des-sha1
    Outbound lifetime 900 seconds 102400 kilobytes
  Statistics
    InUserPackets           5
    InUserOctets            270
    InAccPackets            5
    InAccOctets             440
    InAuthErrors            0
    InReplayErrors          0
    InPolicyErrors          0
    InOtherRxErrors         0
    InDecryptErrors         0
    InPadErrors             0
    OutUserPackets          5
    OutUserOctets           270
    OutAccPackets           5
    OutAccOctets            440
    OutPolicyErrors         0
    OutOtherTxErrors        0

Meaning

Table 44 lists the output fields for the show ipsec transport interface command.

Table 44: show ipsec transport interface Output Fields

Field Name

Field Description

IPsec transport interface

Number and status of the IPsec transport connection

Configuration

Configuration information about the IPsec transport connection:

  • Virtual router—Virtual router on which this profile is configured
  • Application—Type of application the connection can protect
  • pfs group—PFS group being used for the connection
  • Mtu—Tunnel's MTU size
  • Local address—Local endpoint address
  • Remote address—Remote endpoint address
  • Local identity—Subnet, protocol, and port of the local endpoint
  • Remote identity—Subnet, protocol, and port of the remote endpoint
  • Inbound spi—Inbound security parameter index
  • Inbound transform—Inbound algorithm
  • Inbound lifetime—Inbound configured lifetime in seconds and kilobytes
  • Outbound spi—Outbound security parameter index
  • Outbound transform—Outbound algorithm
  • Outbound lifetime—Outbound configured lifetime in seconds and kilobytes

Statistics

Statistics about the IPsec transport connection:

  • InUserPackets—Number of user packets received
  • InUserOctets—Number of octets received from user packets
  • InAccPackets—Number of encapsulated packets received
  • InAccOctets—Number of octets received in encapsulated packets
  • InAuthErrors—Number of authentication errors received
  • InReplyErrors—Number of reply errors in received traffic
  • InPolicyErrors—Number of policy errors in received traffic
  • InOtherRxErrors—Number of packets received that have errors other than the following errors:
    • InAuthErrors
    • InReplyErrors
    • InPolicyErrors
    • InDecryptErrors
    • InPadErrors
  • InDecryptErrors—Number of decryption errors in received traffic
  • InPadErrors—Number of packets received that had invalid values after the packet was decrypted
  • OutUserPackets—Number of user packets sent
  • OutUserOctets—Number of octets sent in user packets
  • OutAccPackets—Number of encapsulated packets sent
  • OutAccOctets—Number of octets sent in encapsulated packets
  • OutPolicyErrors—Number of packets arriving at the transport connection for encapsulation that do not meet the specified identifier (selector)
  • OutOtherTxErrors—Number of outbound packets that have errors other than the OutPolicyErrors

Related Documentation