show ipsec-log
To view IPSec connection logs, use the show ipsec-log command.
show ipsec-log
Syntax Description
This command has no arguments or keywords.
Command Modes
IPSec mode
Command History
Release    Modification
1.1(1)     Command added.
Usage Guidelines
Use the set log-level command to change the amount of information displayed by these logs.
Example
This example shows how to display the contents of the IPSec log file:
FP9300-A # scope security
FP9300-A /security # scope ipsec
FP9300-A /security/ipsec # show ipsec-log
Feb 10 23:40:02 15[CFG] <test-connection|69> using trusted ca certificate "C=US, ST=CA,
L=SJC, O=Cisco, OU=STBU, CN=CA, E=ssp@ssp.net"
Feb 10 23:40:02 15[CFG] <test-connection|69> reached self-signed root ca with a path
length of 0
Feb 10 23:40:02 15[CFG] <test-connection|69> crl correctly signed by "C=US, ST=CA, O=CA1,
OU=ca1, CN=InterCA1, E=ca1@ca.net"
Feb 10 23:40:02 15[CFG] <test-connection|69> crl is valid: until Mar 12 22:30:51 2017
Feb 10 23:40:02 15[CFG] <test-connection|69> using cached crl
Feb 10 23:40:02 15[CFG] <test-connection|69> certificate status is good
Feb 10 23:40:02 15[CFG] <test-connection|69> using trusted ca certificate "C=US, ST=CA,
L=SJC, O=Cisco, OU=STBU, CN=CA, E=ssp@ssp.net"
Feb 10 23:40:02 15[CFG] <test-connection|69> checking certificate status of "C=US, ST=CA,
O=CA1, OU=ca1, CN=InterCA1, E=ca1@ca.net"
Feb 10 23:40:02 15[CFG] <test-connection|69> fetching crl from
'file:///opt/certstore/ssp2-tp.crl' ...
Feb 10 23:40:02 15[CFG] <test-connection|69> issuer of fetched CRL 'C=US, ST=CA, O=CA1,
OU=ca1, CN=InterCA1, E=ca1@ca.net' does not match CRL issuer
'56:71:f1:d9:b1:62:fd:c3:2b:4d:cb:6b:01:85:ea:75:e5:0e:99:0d'
Feb 10 23:40:02 15[CFG] <test-connection|69> fetching crl from
'http://192.168.0.81/interca_inuse.crl.pem' ...
Feb 10 23:40:02 15[CFG] <test-connection|69> using trusted certificate "C=US, ST=CA,
L=SJC, O=Cisco, OU=STBU, CN=CA, E=ssp@ssp.net"
Feb 10 23:40:02 15[CFG] <test-connection|69> crl correctly signed by "C=US, ST=CA, L=SJC,
O=Cisco, OU=STBU, CN=CA, E=ssp@ssp.net"
Feb 10 23:40:02 15[CFG] <test-connection|69> crl is valid: until Mar 12 22:30:49 2017
Feb 10 23:40:02 15[CFG] <test-connection|69> certificate status is good
Feb 10 23:40:02 15[CFG] <test-connection|69> reached self-signed root ca with a path
length of 1
Feb 10 23:40:02 15[IKE] <test-connection|69> authentication of 'C=US, ST=CA, O=Cisco,
OU=STBU, CN=SSP, E=ssp@ssp.net' with RSA signature successful
Feb 10 23:40:02 15[IKE] <test-connection|69> IKE_SA test-connection[69] established between
192.168.0.174[C=US, ST=CA, O=Cisco, OU=STBU, CN=SSP]
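The following Python sketch is an added example, not part of the Cisco reference. It rejoins the wrapped lines of the output above into whole entries and extracts the CRL and authentication events per connection. The event labels, and the rule that any certificate status other than "good" is flagged for review, are assumptions made for this example.

```python
import re

# Excerpt of the output above, with the same wrapped lines.
SAMPLE = """\
Feb 10 23:40:02 15[CFG] <test-connection|69> fetching crl from
'file:///opt/certstore/ssp2-tp.crl' ...
Feb 10 23:40:02 15[CFG] <test-connection|69> issuer of fetched CRL 'C=US, ST=CA, O=CA1,
OU=ca1, CN=InterCA1, E=ca1@ca.net' does not match CRL issuer
'56:71:f1:d9:b1:62:fd:c3:2b:4d:cb:6b:01:85:ea:75:e5:0e:99:0d'
Feb 10 23:40:02 15[CFG] <test-connection|69> crl is valid: until Mar 12 22:30:49 2017
Feb 10 23:40:02 15[CFG] <test-connection|69> certificate status is good
Feb 10 23:40:02 15[IKE] <test-connection|69> authentication of 'C=US, ST=CA, O=Cisco,
OU=STBU, CN=SSP, E=ssp@ssp.net' with RSA signature successful
"""

# timestamp, thread[subsystem], <connection|SA id>, message
HEAD = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \d+\[(\w+)\] <([^|>]+)\|(\d+)> (.*)$")

RULES = [  # hypothetical event labels, matched against the rejoined message
    ("crl_fetch", re.compile(r"fetching crl from '([^']+)'")),
    ("crl_issuer_mismatch", re.compile(r"issuer of fetched CRL '([^']+)' does not match")),
    ("crl_valid_until", re.compile(r"crl is valid: until (.+)")),
    ("cert_status", re.compile(r"certificate status is (.+)")),
    ("auth_ok", re.compile(r"authentication of '([^']+)' with .+ successful")),
]

def parse(text):
    """Rejoin wrapped continuation lines; return one dict per log entry."""
    entries = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            ts, subsys, conn, sa, msg = m.groups()
            entries.append({"ts": ts, "subsys": subsys, "conn": conn,
                            "sa": int(sa), "msg": msg.strip()})
        elif entries and line.strip():  # continuation of the previous entry
            entries[-1]["msg"] += " " + line.strip()
    return entries

def events(entries):
    """Return (connection, SA id, label, detail) for every message a rule matches."""
    return [(e["conn"], e["sa"], label, m.group(1))
            for e in entries for label, rx in RULES
            if (m := rx.search(e["msg"]))]

def findings(evts):
    """Events worth review: CRL issuer mismatches and any status other than 'good'."""
    return [ev for ev in evts if ev[2] == "crl_issuer_mismatch"
            or (ev[2] == "cert_status" and ev[3] != "good")]
```

Calling `findings(events(parse(SAMPLE)))` returns the single CRL issuer mismatch for `test-connection`, SA 69; the later entries show the connection still authenticating after a second CRL was fetched.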
Cisco Firepower 4100/9300 FXOS Command Reference