How to tell if IPSec Tunnel is really encrypting 2

Status
Not open for further replies.

retiredman2006 (Technical User) Jan 30, 2003
I have 2 7206VXR routers with VAM cards that are serially connected via 2 T-1s, running IOS 12.2(15T1), and would like to know if anyone has any ideas on how to verify that the data between these 2 routers is really being encrypted.

I'm using GRE encapsulation with the tunnel.

Cisco has signed off on saying I have everything configured correctly. I don't have a WAN Sniffer to check so any other ideas would be appreciated.

Thanks
 
You may use the "show crypto engine connection active" command, which shows packet encryption/decryption counters per IPSec security association.

Other helpful crypto commands are:

debug crypto isakmp - Shows detailed information on Internet Key Exchange (IKE) phase I (Main Mode) negotiation.

debug crypto ipsec - Shows detailed information on IKE phase II (Quick Mode) negotiation.

debug crypto engine - Debugs packet encryption/decryption and Diffie-Hellman (DH) process.

debug ip ospf adj - Debugs OSPF neighbor adjacency establishment process.

show crypto isakmp sa - Shows all current Internet Security Association and Key Management Protocol (ISAKMP) security associations.

show crypto ipsec sa - Shows all current IPSec security associations.
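
Added example, not part of the original post: one way to use the counters mentioned above is to capture "show crypto ipsec sa" before and after sending a known number of pings across the tunnel and confirm that the encrypt/decrypt counters rose by at least that many. The captured text below is constructed, the function names are hypothetical, and the decrypt check assumes the echo replies return through the same tunnel.

```python
import re

# Constructed excerpts in the style of "show crypto ipsec sa" output, taken
# before and after sending 100 pings through the tunnel (all values made up).
BEFORE = """\
    #pkts encaps: 1200, #pkts encrypt: 1200, #pkts digest 1200
    #pkts decaps: 1180, #pkts decrypt: 1180, #pkts verify 1180
    #send errors 0, #recv errors 0
"""
AFTER = """\
    #pkts encaps: 1300, #pkts encrypt: 1300, #pkts digest 1300
    #pkts decaps: 1280, #pkts decrypt: 1280, #pkts verify 1280
    #send errors 0, #recv errors 0
"""

NAMES = ("pkts encrypt", "pkts decrypt", "send errors", "recv errors")
COUNTER = re.compile(r"#(" + "|".join(NAMES) + r"):?\s+(\d+)")


def parse_counters(text):
    """Sum each counter across every SA listed in the captured output."""
    totals = dict.fromkeys(NAMES, 0)
    for name, value in COUNTER.findall(text):
        totals[name] += int(value)
    return totals


def check_encryption(before, after, probes_sent):
    """Return (delta, problems); an empty problems list means the probes were
    accounted for by the encrypt and decrypt counters."""
    old, new = parse_counters(before), parse_counters(after)
    delta = {name: new[name] - old[name] for name in NAMES}
    if any(change < 0 for change in delta.values()):
        # A decrease means the counters were cleared or restarted between captures.
        return delta, ["counters went backwards; capture both snapshots again"]
    problems = []
    for name in ("pkts encrypt", "pkts decrypt"):
        if delta[name] < probes_sent:
            problems.append(f"{name} rose by {delta[name]}, expected >= {probes_sent}")
    for name in ("send errors", "recv errors"):
        if delta[name]:
            problems.append(f"{name} rose by {delta[name]}")
    return delta, problems


if __name__ == "__main__":
    print(check_encryption(BEFORE, AFTER, probes_sent=100))   # counters moved
    print(check_encryption(BEFORE, BEFORE, probes_sent=100))  # counters flat
```

Flat counters while the pings succeed mean the test traffic did not match the crypto policy and crossed the link unencrypted.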

 
Hi,
the best way to verify the encryption is
sh access-lists

It will show you all the access lists and the number of hits; that way you can see how many hits there are on a specific access list. If the ACL shows no hits, then the data is not encrypted.
 
____________________________________________________________
>>amirchd (IS/IT--Manageme) Jul 31, 2003
>>Hi,
>>the best way to verify the encryption is
>>sh access-lists
>>
>>It will show you all the access lists and the number of hits; that way you can see how many hits there are on a specific access list. If the ACL shows no hits, then the data is not encrypted.
____________________________________________________________

HUH?!?!?!?!?!?!
Not sure what you are talking about up there.

Fmonteiros right, marking his post as helpful.
 