What command to use for getting Cisco VPN security settings?

Hello guys,

A newbie here...

I asked the network admin to use the following command. I want to obtain VPN security settings for audit.

show crypto isakmp policy
show crypto isakmp sa

I want to verify VPN IKE phase 1 and 2 policy (hashing, authentication (pre-shared key), Group (DH) level, Lifetime, and Encryption)

The admin said those commands were not valid. Are my commands not correct? if so, can you recommand me the correct commands?

Thank you for help

Find more posts tagged with

Comments

RouteMyPacket

What kind of device? Those commands are invalid if you do not have an IPSEC site-to-site VPN configured on the device.

Now from an ASA/VPN perspective, you want to audit VPN?

Have him log the following

sh run or sh tech

That will give you all you need to know, if you want to verify any current users do a "sh vpn-sessiondb ?" for what you are looking for.

Looking for IPSEC though, sounds like it doesn't exist on the device. These should give you what you need

sh crypto isakmp policy
sh crypto ipsec transform-set