Monitoring and Maintaining the SA-VAM2+
To see if the IKE/IPSec packets are being redirected to the SA-VAM2+ for IKE negotiation and IPSec
encryption and decryption, enter the show crypto eli command. The following is sample output when
Cisco IOS software redirects packets to SA-VAM2+:

Router# show crypto eli
Hardware Encryption Layer : ACTIVE
Number of crypto engines = 1 .
CryptoEngine-0 (slot-5) details.
Capability-IPSec :IPPCP, 3DES, AES, RSA
IKE-Session   : 0 active, 5120 max, 0 failed
DH-Key        : 0 active, 5120 max, 0 failed
IPSec-Session : 0 active, 10230 max, 0 failed

When the software crypto engine is active, the show crypto eli command yields no output.

During bootup or OIR, when the Cisco IOS software agrees to redirect crypto traffic to the SA-VAM2+,
it prints a message similar to the following:

%ISA-6-INFO:Recognised crypto engine (0) at slot-1
...switching to hardware crypto engine
Router#

To disable the SA-VAM2+, use the configuration mode no crypto engine accelerator <slot> command,
as follows:

Router(config)# no crypto engine accelerator <slot>
...switching to software crypto engine
*Oct 2 20:00:44 GMT:%VPN_HW-6-INFO:slot:4 Crypto Engine 0 in slot 4 going DOWN
*Oct 2 20:00:44 GMT: Changing crypto engine :Service Adapter:4 state change to: DISABLED
*Oct 2 20:00:44 GMT:%ISA-1-ERROR:Slot-4:VAM2+ User initiated shutdown.

Use the commands that follow to monitor and maintain the SA-VAM2+:

Command                           Purpose
Router# show pas vam interface    Verifies the SA-VAM2+ is currently processing crypto packets.
Router# show pas vam controller   Displays the SA-VAM2+ controller configuration.
Router# show version              Displays integrated service adapter as part of the interfaces.

VPN Acceleration Module 2+ (VAM2+) Installation and Configuration Guide
Chapter 4
Configuring the SA-VAM2+
OL-5979-03
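
A monitoring script can apply the show crypto eli checks described above to captured command output. The following Python sketch is an added example, not part of the Cisco guide: the function names, the default required capability (AES) and the constructed sample text are assumptions.

```python
import re

# Constructed sample, modelled on the show crypto eli output in this guide.
SAMPLE_ELI = """\
Hardware Encryption Layer : ACTIVE
Number of crypto engines = 1 .
CryptoEngine-0 (slot-5) details.
Capability-IPSec :IPPCP, 3DES, AES, RSA
IKE-Session   : 0 active, 5120 max, 0 failed
DH-Key        : 0 active, 5120 max, 0 failed
IPSec-Session : 0 active, 10230 max, 0 failed
"""

COUNTER = re.compile(r"^\s*([\w-]+)\s*:\s*(\d+) active,\s*(\d+) max,\s*(\d+) failed", re.M)

def parse_eli(text):
    """Return engine details, or None for empty output (per the guide, the
    command yields no output when the software crypto engine is active)."""
    if not text.strip():
        return None
    state = re.search(r"Hardware Encryption Layer[ \t]*:[ \t]*(\w+)", text)
    slot = re.search(r"CryptoEngine-(\d+) \(slot-(\d+)\)", text)
    caps = re.search(r"Capability-IPSec\s*:\s*(.+)", text)
    return {
        "state": state.group(1) if state else "UNKNOWN",
        "slot": int(slot.group(2)) if slot else None,
        "capabilities": [c.strip() for c in caps.group(1).split(",")] if caps else [],
        "counters": {n: {"active": int(a), "max": int(m), "failed": int(f)}
                     for n, a, m, f in COUNTER.findall(text)},
    }

def findings(text, required=("AES",)):
    """Hypothetical health check: reasons crypto may not be hardware-accelerated."""
    eli = parse_eli(text)
    if eli is None:
        return ["no output: software crypto engine is active"]
    out = []
    if eli["state"] != "ACTIVE":
        out.append(f"hardware encryption layer is {eli['state']}")
    out += [f"capability {c} not advertised" for c in required if c not in eli["capabilities"]]
    for name, c in eli["counters"].items():
        if c["failed"]:
            out.append(f"{name}: {c['failed']} failed")
    return out

if __name__ == "__main__":
    print(parse_eli(SAMPLE_ELI))
    print(findings(SAMPLE_ELI), findings(""))
```

An empty findings list means the hardware engine is reported ACTIVE, advertises the required capabilities and shows no failed sessions or keys.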