Table 8-5. IPSec Troubleshooting Commands: show and debug
Command | Parameter | Description |
|---|
show crypto isakmp | key | Displays the preshared key associated with particular peers |
policy | Displays the ISAKMP (IKE) policies configured on the router |
sa | Displays established ISAKMP (IKE) SAs |
show crypto map | [interface interface | tag map-name] | Displays specified crypto map |
show crypto ipsec | sa | Displays IPSec SAs |
transform-set | Displays IPSec transform sets |
security-association lifetime | Displays the SA lifetime value configured for a particular crypto map entry |
show crypto dynamic-map | | Displays crypto map templates |
show crypto identity | | Displays configured crypto identities |
show crypto engine | connections active | Displays IPSec connections, together with encrypted and decrypted packets |
show crypto ca | certificates | Displays digital certificates |
crls | Displays the CRL |
show crypto key | mypubkey rsa | Displays router's public keys |
pubkey-chain rsa | Displays peers' public keys |
debug crypto isakmp | | Displays IKE negotiation messages |
debug crypto ipsec | | Displays IPSec events |
debug crypto pki | transactions | Displays PKI message exchange between the router and the CA |
