How do you know whether VPN traffic is going across and coming back, or not? Here is how you do that on a Cisco ASA. If you look at the example below (circled in red), you will see the encrypt and decrypt counters. Encrypt is your ASA encrypting traffic going across to the remote side. Decrypt is traffic coming back from the remote side being decrypted. If your encrypt number goes up while your decrypt number stays the same, you know you are getting across, but nothing is coming back. If your decrypt number goes up while your encrypt number stays the same, you are getting traffic from the remote side but not sending anything back. You need to see both numbers going up to know you have two-way traffic. Take the reading twice, a little while apart, because a single snapshot only tells you the counters are non-zero, not that anything is flowing right now. Keep in mind the counters only tell you what this ASA did: encrypt going up proves this box pushed packets into the tunnel, not that the far side received them, so compare against the same counters on the peer when you can, and keep an eye on the #send errors and #recv errors lines in the same output.
Notice the command "show crypto ipsec sa peer 5.5.5.5". That shows you the following Phase II information (shortened for brevity).
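Doing the comparison by hand works for one tunnel, but it is easy to misread which counter moved. Here is an added example (my code, not from the original post) that takes two samples of the "show crypto ipsec sa peer" output and reports whether traffic is two-way, outbound-only, inbound-only, idle, or whether the counters went backwards (the SA was rebuilt or cleared between samples). The counter line formats match what an ASA prints; the sample values, and the assumption that you have already captured the two outputs (for example over SSH), are mine. It also sums the counters across multiple SA blocks, since one peer can have several IPsec SAs.

```python
import re

# Constructed sample output, modelled on the counter lines a Cisco ASA prints
# under "show crypto ipsec sa peer <ip>". The values are made up for this
# example; they are not the numbers from the original post.
SNAPSHOT_T0 = """\
      #pkts encaps: 1200, #pkts encrypt: 1200, #pkts digest: 1200
      #pkts decaps: 800, #pkts decrypt: 800, #pkts verify: 800
      #pkts compressed: 0, #pkts decompressed: 0
      #send errors: 0, #recv errors: 0
"""

# Same peer sampled again a minute later: encrypt moved, decrypt did not.
SNAPSHOT_T1 = """\
      #pkts encaps: 1350, #pkts encrypt: 1350, #pkts digest: 1350
      #pkts decaps: 800, #pkts decrypt: 800, #pkts verify: 800
      #pkts compressed: 0, #pkts decompressed: 0
      #send errors: 0, #recv errors: 0
"""

COUNTERS = ("pkts encrypt", "pkts decrypt", "send errors", "recv errors")
COUNTER_RE = re.compile(r"#(pkts encrypt|pkts decrypt|send errors|recv errors):\s*(\d+)")


def parse_counters(output):
    """Sum each counter of interest across every SA block in the output.

    A peer can have more than one IPsec SA (one per crypto map entry or
    proxy identity), so the per-SA lines are added together.
    """
    totals = dict.fromkeys(COUNTERS, 0)
    for name, value in COUNTER_RE.findall(output):
        totals[name] += int(value)
    return totals


def classify(before, after):
    """Compare two counter samples and say which direction is moving.

    Returns (verdict, deltas). Verdicts:
      "reset"          a counter went backwards: SA was rebuilt or cleared
      "two-way"        both encrypt and decrypt rose
      "outbound-only"  we encrypt but nothing comes back
      "inbound-only"   we decrypt but send nothing back
      "idle"           nothing moved between the two samples
    """
    deltas = {k: after[k] - before[k] for k in COUNTERS}
    if any(v < 0 for v in deltas.values()):
        return "reset", deltas
    enc, dec = deltas["pkts encrypt"], deltas["pkts decrypt"]
    if enc > 0 and dec > 0:
        verdict = "two-way"
    elif enc > 0:
        verdict = "outbound-only"
    elif dec > 0:
        verdict = "inbound-only"
    else:
        verdict = "idle"
    return verdict, deltas


def report(before_text, after_text):
    """Human-readable summary of what changed between two raw outputs."""
    verdict, deltas = classify(parse_counters(before_text), parse_counters(after_text))
    lines = [f"traffic: {verdict}"]
    for k in COUNTERS:
        lines.append(f"  {k}: {deltas[k]:+d}")
    if deltas["send errors"] > 0 or deltas["recv errors"] > 0:
        lines.append("  note: error counters are rising; look at those before trusting the packet counts")
    return "\n".join(lines)


if __name__ == "__main__":
    # With the constructed samples above this reports outbound-only traffic.
    print(report(SNAPSHOT_T0, SNAPSHOT_T1))
```

Feed it the two outputs you captured a minute or so apart; if you get "reset", the tunnel was bounced or the SA re-keyed between samples, so take two fresh readings rather than trusting the delta.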
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
How can we clear these encap and decap counters?
Bounce the VPN. There is probably a way to clear the counters, not sure right off.