Install guide
IP Security (IPsec) Enhancements Release Note
Software Version 2.9.1
C613-10486-00 REV C
Improved Debugging Options for IPsec and ISAKMP
This Software Version allows you to use the show debug command to execute
a specific sequence of show commands useful for debugging IPsec and
ISAKMP. Use the command:
show debug ipsec
If you need to contact your authorised distributor or reseller regarding an
ISAKMP or IPsec problem, please include the output from the show debug
ipsec command, as well as any output you have captured from ISAKMP or
IPsec debugging. You will need to log in to the router or switch as a security
officer to produce all the available show outputs.
Command Changes
The following table summarises the modified command:
Improved Output for IPsec and ISAKMP Counters
This Software Version includes additional output parameters, useful for
monitoring IPsec and ISAKMP activity, for these commands:
show ipsec policy counter
show isakmp counters
Command Changes
The following table summarises the modified commands:
Modified Expiry Timeout Limit for Security Associations
This Software Version changes the maximum number of kilobytes of data that
Security Associations (SAs) in a bundle can process before the bundle expires
and must be renegotiated. The maximum value you can set for expirykbytes is
now 4193280 in the commands:
create ipsec bundlespecification=bundlespecification-id
    keymanagement=isakmp string="bundle-string"
    [expirykbytes=1..4193280] [expiryseconds=300..31449600]

set ipsec bundlespecification=bundlespecification-id
    [expirykbytes=1..4193280] [expiryseconds=300..31449600]
The default for expirykbytes is now 4193280.
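
The following script is an added example, not part of the release note or the vendor's software. It audits a saved configuration for bundle expiry values outside the ranges given above and applies the new expirykbytes default where none is set. The function names, the sample configuration and the assumption that each command is written on one line with unabbreviated keywords are all introduced for this example.

```python
import re

# Limits and default exactly as stated in this release note.
KBYTES_RANGE = (1, 4193280)
SECONDS_RANGE = (300, 31449600)
DEFAULT_KBYTES = 4193280

# Assumption: each command sits on one line with keywords spelled out in full.
CMD = re.compile(r"^\s*(create|set)\s+ipsec\s+bundlespecification=(\S+)(.*)$", re.I)
PARAM = re.compile(r"\b(expirykbytes|expiryseconds)=(\S+)", re.I)

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = '''\
create ipsec bundlespecification=1 keymanagement=isakmp string="1"
create ipsec bundlespecification=2 keymanagement=isakmp string="1" expirykbytes=5000000 expiryseconds=3600
create ipsec bundlespecification=3 keymanagement=isakmp string="2" expiryseconds=120
set ipsec bundlespecification=1 expirykbytes=102400
'''

def new_entry():
    # The expiryseconds default is not given on this page, so None means "device default".
    return {"expirykbytes": DEFAULT_KBYTES, "expiryseconds": None, "problems": []}

def audit_bundles(config_text):
    """Return per-bundle expiry settings plus any out-of-range values found."""
    bundles = {}
    for line in config_text.splitlines():
        m = CMD.match(line)
        if not m:
            continue
        verb, bundle_id, rest = m.group(1).lower(), m.group(2), m.group(3)
        if verb == "create":
            bundles[bundle_id] = new_entry()
        elif bundle_id not in bundles:
            bundles[bundle_id] = new_entry()
            bundles[bundle_id]["problems"].append("set without a preceding create")
        entry = bundles[bundle_id]
        for name, raw in PARAM.findall(rest):
            name = name.lower()
            low, high = KBYTES_RANGE if name == "expirykbytes" else SECONDS_RANGE
            if raw.isascii() and raw.isdigit() and low <= int(raw) <= high:
                entry[name] = int(raw)
            else:
                # Out-of-range values are reported and the previous value is kept.
                entry["problems"].append(f"{name}={raw} outside {low}..{high}")
    return bundles

if __name__ == "__main__":
    for bundle_id, entry in audit_bundles(SAMPLE_CONFIG).items():
        print(bundle_id, entry)
```
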
Command                      Change
show debug                   New ipsec parameter

Command                      Change
show ipsec policy counter    New outBundleNotFound field
                             New outNoBundleSqos field
show isakmp counters         New unexpectedMessage fields