Reference Guide
show crypto ipsec policy
Display the configuration of IPsec authentication and encryption policies.
S4820T
Syntax show crypto ipsec policy [namename]
Parameters
name
name
(OPTIONAL) Displays configuration details about a specified policy.
Defaults No default behavior or values.
Command Modes
EXEC
EXEC Privilege
Command History
This guide is platform-specific. For command information about other platforms, refer to the
relevant
FTOS Command Line Reference Guide
.
The following is a list of the FTOS version history for this command.
Version 9.1.(0.0) Introduced on the S4810 and Z9000.
Version 8.4.2.0 Introduced on the E-Series TeraScale.
Version 8.3.19.0 Introduced on the S4820T.
Usage
Information
The show crypto ipsec policy command output displays the AH and ESP parameters
configured in IPsec security policies, including the SPI number, keys, and algorithms used.
When configured in a helper-reject role, an OSPFv3 router ignores the Grace LSAs that it
receives from a restarting OSPFv3 neighbor.
Related
Commands
show crypto ipsec sa ipv6 – displays the IPsec security associations used on OSPFv3
interfaces.
Example
FTOS#show crypto ipsec policy
Crypto IPSec client security policy data
Policy name : OSPFv3-1-502
Policy refcount : 1
Inbound ESP SPI : 502 (0x1F6)
Outbound ESP SPI : 502 (0x1F6)
Inbound ESP Auth Key : 123456789a123456789b123456789c12
Outbound ESP Auth Key : 123456789a123456789b123456789c12
Inbound ESP Cipher Key :
123456789a123456789b123456789c123456789d12345678
Outbound ESP Cipher Key :
123456789a123456789b123456789c123456789d12345678
Transform set : esp-3des esp-md5-hmac
Crypto IPSec client security policy data
Policy name : OSPFv3-0-501
Policy refcount : 1
Inbound ESP SPI : 501 (0x1F5)
Outbound ESP SPI : 501 (0x1F5)
Inbound ESP Auth Key :
1016