What command to use for getting Cisco VPN security settings?

Big-JJ Member Posts: 53
Hello guys,

A newbie here...

I asked the network admin to use the following command. I want to obtain VPN security settings for audit.
  • show crypto isakmp policy
  • show crypto isakmp sa
I want to verify VPN IKE phase 1 and 2 policy (hashing, authentication (pre-shared key), Group (DH) level, Lifetime, and Encryption)

The admin said those commands were not valid. Are my commands not correct? If so, can you recommend the correct commands?

Thank you for your help
MBA, CIA, CRMA, CISA, CISM, CRISC, CISSP, PMP

Comments

  • RouteMyPacket Member Posts: 1,104
    What kind of device? Those commands are invalid if you do not have an IPSEC site-to-site VPN configured on the device.

    Now from an ASA/VPN perspective, you want to audit VPN?

    Have him log the following

    sh run or sh tech

    That will give you all you need to know, if you want to verify any current users do a "sh vpn-sessiondb ?" for what you are looking for.

    Looking for IPSEC though, sounds like it doesn't exist on the device. These should give you what you need

    sh crypto isakmp policy
    sh crypto ipsec transform-set
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
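
Added example, not part of the thread: a Python script that parses saved `show crypto isakmp policy` output and flags the phase 1 settings the question lists (encryption, hash, DH group, lifetime). The sample text is constructed in the layout Cisco IOS prints, and the baseline for what counts as weak is an assumption to replace with your own audit standard.

```python
import re

# Constructed sample, laid out the way Cisco IOS prints "show crypto isakmp policy".
SAMPLE = """\
Protection suite of priority 10
        encryption algorithm:   AES - Advanced Encryption Standard (256 bit keys).
        hash algorithm:         Secure Hash Standard 2 (256 bit)
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #14 (2048 bit)
        lifetime:               86400 seconds, no volume limit
Protection suite of priority 20
        encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
        hash algorithm:         Message Digest 5
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
        lifetime:               172800 seconds, no volume limit
"""

# Assumed audit baseline, not from the thread; replace with your own standard.
WEAK_DH_GROUPS = {1, 2, 5}
MAX_LIFETIME_SECONDS = 86400

def parse_policies(text):
    """Return {priority: {field name: value}}; 0 is a suite printed without a number."""
    policies, current = {}, None
    for line in text.splitlines():
        suite = re.search(r"rotection suite(?: of priority (\d+))?", line)
        if suite:
            current = policies.setdefault(int(suite.group(1) or 0), {})
        elif current is not None and ":" in line:
            name, value = line.split(":", 1)
            current[name.strip().lower()] = value.strip()
    return policies

def audit(policies):
    """Return (priority, finding) pairs for settings weaker than the baseline."""
    findings = []
    for priority, fields in sorted(policies.items()):
        encryption = fields.get("encryption algorithm", "")
        if re.search(r"\bDES\b", encryption):  # single DES and "triple DES"
            findings.append((priority, "encryption: " + encryption))
        if "Message Digest 5" in fields.get("hash algorithm", ""):
            findings.append((priority, "hash: MD5"))
        group = re.search(r"#(\d+)", fields.get("diffie-hellman group", ""))
        if group and int(group.group(1)) in WEAK_DH_GROUPS:
            findings.append((priority, "DH group " + group.group(1)))
        lifetime = re.match(r"\d+", fields.get("lifetime", ""))
        if lifetime and int(lifetime.group()) > MAX_LIFETIME_SECONDS:
            findings.append((priority, "lifetime " + lifetime.group() + " s"))
    return findings
```

Calling `audit(parse_policies(SAMPLE))` returns the findings as (priority, text) pairs; the authentication method is available from `parse_policies` for manual review.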