

Success rate is 100 percent (5/5), round-trip min/avg/max = 69/70/73 ms

6. This command allows the ASA device to send any TCP packet (TCP SYN) from any source IP to any destination IP on any port.

ICMP error validation: disabled, TFC packets: disabled
Current inbound spi : CTYCBHYJ

5.

PMTU time remaining (sec): 0, DF policy: copy-df

Path mtu 1500, ipsec overhead 82(52), media mtu 1500
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#pkts not compressed: 16905, #pkts comp failed: 0, #pkts decomp failed: 0
#pkts compressed: 0, #pkts decompressed: 0

You can also see the two ESP SAs built for the inbound and outbound traffic. The encrypted tunnel is built between IP addresses 2.2.2.2 and 1.1.1.1 for the traffic that flows between the networks 10.10.1.0 and 10.20.1.0. The show crypto ipsec sa command shows the IPsec SAs that are built between the peers.

Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES256 DTLS-Tunnel: (1)AES256

Displays information about a particular user
ASA# show vpn-sessiondb anyconnect filter name user1
Assigned IP : 10.10.1.10 Public IP : 1.1.1.1

Viewing a list of Remote access VPN users
ASA# show vpn-sessiondb anyconnect | incl U

Removing a tunnel-group
tunnel-group 1.1.1.1 type ipsec-l2l
ASA (config)# clear configure tunnel-group 1.1.1.1

2.

I found some of the commands very useful when troubleshooting. There are thousands of commands available on Cisco ASA.
