You want to check the status of a VPN.
There are several useful commands for displaying IPSec parameters.
The command show crypto isakmp sa shows all of the ISAKMP security associations.
show crypto isakmp sa
And you can look at the IPSec security associations with this command:
show crypto ipsec sa
Even if you aren’t using a key management protocol such as ISAKMP, you can see information on all of the active IPSec connections with the following command:
show crypto engine connections active
And this closely related command will tell you about packet drops within the encryption engine:
show crypto engine connections dropped-packet
The show crypto map command gives information about all of the IPSec crypto maps that you have configured on your router, whether or not they are in use:
show crypto map
And you can specify a particular crypto map with the tag keyword:
show crypto map tag TUNNELMAP
For information about dynamic crypto maps, you can use the following command:
show crypto dynamic-map
The show crypto isakmp sa command lets you see information about the current state of any ISAKMP key exchanges that the router is involved in:
show crypto isakmp sadst src state conn-id slot 172.22.1.4 172.22.1.3 QM_IDLE 1 0 Router1#
Table 12-3 shows all of the possible ISAKMP SA states.
Table 12-3. ISAKMP SA states
|Main Mode||MM_NO_STATE||There is an ISAKMP SA, but none ...|