Skip to main content
Cisco SD-WAN
Product Documentation
Viptela Documentation

show ipsec local-sa

show ipsec local-sa—Display security association information for the IPsec tunnels that have been created for local TLOCs (on vEdge routers only).

Command Syntax

show ipsec local-sa
show ipsec local-sa tloc-address [color [spi [(auth-key-hash | encrypt-key-hash | ip | port) ] ] ] ]


Display information for the security associations for all IPsec tunnels that originate on the local router. The SA information is listed in order according to the local TLOC address.
Specific SA
tloc-address [color [spi [(auth-key-hash | encrypt-key-hash | ip | port) ] ] ] ]​
Display information for a specific security association.

Output Fields

The value in the Key Hash fields is created by taking the encryption and authentication key hash keys and creating a single hash.

The other output fields are self-explanatory.

Example Output

vEdge# show ipsec local-sa
                                          SOURCE           SOURCE                          SOURCE             
TLOC ADDRESS     TLOC COLOR       SPI     IPv4             IPv6                            PORT    KEY HASH   
--------------------------------------------------------------------------------------------------------------    lte              256        ::                              12366   *****cfdc    lte              257        ::                              12366   *****cfdc

Release Information

Command introduced in Viptela Software Release 14.1.
In Release 15.2, command renamed from show tunnel local-sa.
In Release 16.3, add display for IPv6 source IP addresses.

  • Was this article helpful?