-
Cisco Security Appliance Command Reference, Version 7.1
-
About this Guide
-
Using the Command Line Interface
-
aaa accounting through accounting-server-group
-
acl-netmask-convert through auto-update timeout Commands
-
backup-servers through browse networks Commands
-
cache through clear compression Commands
-
clear configure through clear configure vpn-load-balancing Commands
-
clear console-output through clear xlate Commands
-
client-access-rule through crl-configure Commands
-
crypto ca authenticate through customization Commands
-
debug aaa through debug xdmcp Commands
-
default through duplex Commands
-
email through functions Commands
-
gateway through hw-module module shutdown Commands
-
icmp through imap4s Commands
-
inspect ctiqbe through inspect xdmcp Commands
-
interface-dhcp through issuer-name Commands
-
join-failover-group through kill Commands
-
ldap-attribute-map through log-adj-changes Commands
-
logging asdm through logout message Commands
-
mac-address through multicast-routing Commands
-
name through override-account-disable Commands
-
page style through pwd Commands
-
queue-limit through routerospf Commands
-
same-security-traffic through show asdm sessions Commands
-
show asp drop through show curpriv Commands
-
show debug through show ipv6 traffic Commands
-
show isakmp sa through show route Commands
-
show running-config through show running-config isakmp Commands
-
show running-config ldap through show running-config webvpn auto-signon Commands
-
show service-policy through show webvpn svc Commands
-
shun through sysopt uauth allow-http-cache Commands
-
tcp-map through tx-ring-limit Commands
-
urgent-flag through write terminal Commands
-
Feedback
Table Of Contents
show service-policy through show webvpn svc Commands
show service-policy inspect gtp
show service-policy through show webvpn svc Commands
show service-policy
To display the configured service policies, use the service-policy command in global configuration mode.
show service-policy [global | interface intf] [csc | inspect | ips | police | priority]
show service-policy [global | interface intf] [set connection [details]]
show service-policy [global | interface intf] [flow protocol {host src_host | src_ip src_mask} [eq src_port] {host dest_host | dest_ip dest_mask} [eq dest_port] [icmp_number | icmp_control_message]]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
·
·
·
·
·
Command History
7.0(1)
This command was introduced.
7.1(1)
This command was modified to add the csc keyword.
Usage Guidelines
The flow keyword lets you determine, for any flow that you can describe, the policies that the security appliance would apply to that flow. You can use this to check that your service policy configuration will provide the services you want for specific connections. The arguments and keywords following the flow keyword specifies the flow in ip-5-tuple format with no object grouping.
Because the flow is described in ip-5-tuple format, not all match criteria are supported. Following are the list of match criteria that are supported for flow match:
•
match access-list
•
•
•
The priority keyword is used to display the aggregate counter values of packets transmitted through an interface.
The number of embryonic connections displayed in the show service-policy command output indicates the current number of embryonic connections to an interface for traffic matching that defined by the class-map command. The
embryonic-conn-maxfield shows the maximum embryonic limit configured for the traffic class using the Modular Policy Framework. If the current embryonic connections displayed equals or exceeds the maximum, TCP intercept is applied to new TCP connections that match the traffic type defined by the class-map command.protocol Argument Values
The following are valid values for the protocol argument:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
icmp_control_message Argument Values
The following are valid values for the icmp_control_message argument:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Examples
The following example shows the syntax of the show service-policy command:
hostname# show service-policy globalGlobal policy:Service-policy: inbound_policyClass-map: ftp-portInspect: ftp strict inbound_ftp, packet 0, drop 0, reset-drop 0hostname# show service-policy priorityInterface outside:Global policy:Service-policy: sa_global_fw_policyInterface outside:Service-policy: ramapClass-map: clientmapPriority:Interface outside: aggregate drop 0, aggregate transmit 5207048Class-map: udpmapPriority:Interface outside: aggregate drop 0, aggregate transmit 5207048Class-map: cmaphostname# show service-policy flow udp host 209.165.200.229 host 209.165.202.158 eq 5060Global policy:Service-policy: f1_global_fw_policyClass-map: inspection_defaultMatch: default-inspection-trafficAction:Input flow: inspect sipInterface outside:Service-policy: testClass-map: testMatch: access-list testAccess rule: permit ip 209.165.200.229 255.255.255.224 209.165.202.158 255.255.255.224Action:Input flow: ids inlineInput flow: set connection conn-max 10 embryonic-conn-max 20Related Commands
show service-policy inspect gtp
To display the GTP configuration, use the show service-policy inspect gtp command in privileged EXEC mode.
show service-policy [interface int] inspect gtp {pdp-context [apn ap_name | detail | imsi IMSI_value | ms-addr IP_address | tid tunnel_ID | version version_num ] | pdpmcb | requests | statistics [gsn IP_address] }
Syntax Description
.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
You can use the vertical bar | to filter the display. Type | for more display filtering options.
The show pdp-context command displays PDP context-related information.
The Packet Data Protocol context is identified by the tunnel ID, which is a combination of IMSI and NSAPI. A GTP tunnel is defined by two associated PDP Contexts in different GSN nodes and is identified with a Tunnel ID. A GTP tunnel is necessary to forward packets between an external packet data network and a mobile station user.
The show gtp requests command displays current requests in the request queue.Examples
The following is sample output from the show gtp requests command:
hostname# show gtp requests0 in use, 0 most used, 200 maximum allowedYou can use the vertical bar | to filter the display, as in the following example:
hostname# show service-policy gtp statistics | grep gsnThis example shows the GTP statistics with the word gsn in the output.
The following command shows the statistics for GTP inspection:
hostname# show service-policy inspect gtp statisticsGPRS GTP Statistics:version_not_support | 0 | msg_too_short | 0unknown_msg | 0 | unexpected_sig_msg | 0unexpected_data_msg | 0 | ie_duplicated | 0mandatory_ie_missing | 0 | mandatory_ie_incorrect | 0optional_ie_incorrect | 0 | ie_unknown | 0ie_out_of_order | 0 | ie_unexpected | 0total_forwarded | 0 | total_dropped | 0signalling_msg_dropped | 0 | data_msg_dropped | 0signalling_msg_forwarded | 0 | data_msg_forwarded | 0total created_pdp | 0 | total deleted_pdp | 0total created_pdpmcb | 0 | total deleted_pdpmcb | 0pdp_non_existent | 0The following command displays information about the PDP contexts:
hostname# show service-policy inspect gtp pdp-context1 in use, 1 most used, timeout 0:00:00Version TID | MS Addr | SGSN Addr | Idle | APNv1 | 1234567890123425 | 1.1.1.1 | 11.0.0.2 0:00:13 gprs.cisco.com| user_name (IMSI): 214365870921435 | MS address: | 1.1.1.1| primary pdp: Y | nsapi: 2| sgsn_addr_signal: | 11.0.0.2 | sgsn_addr_data: | 11.0.0.2| ggsn_addr_signal: | 9.9.9.9 | ggsn_addr_data: | 9.9.9.9| sgsn control teid: | 0x000001d1 | sgsn data teid: | 0x000001d3| ggsn control teid: | 0x6306ffa0 | ggsn data teid: | 0x6305f9fc| seq_tpdu_up: | 0 | seq_tpdu_down: | 0| signal_sequence: | 0| upstream_signal_flow: | 0 | upstream_data_flow: | 0| downstream_signal_flow: | 0 | downstream_data_flow: | 0| RAupdate_flow: | 0Table 30-1 describes each column the output from the show service-policy inspect gtp pdp-context command.
Related Commands
show shun
To display shun information, use the show shun command in privileged EXEC mode.
show shun [src_ip | statistics]
Syntax Description
src_ip
(Optional) Displays the information for that address.
statistics
(Optional) Displays the interface counters only.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following is sample output from the show shun command:
hostname# show shunshun (outside) 10.1.1.27 10.2.2.89 555 666 6shun (inside1) 10.1.1.27 10.2.2.89 555 666 6Related Commands
show sip
To display SIP sessions, use the show sip command in privileged EXEC mode.
show sip
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show sip command assists in troubleshooting SIP inspection engine issues and is described with the inspect protocol sip udp 5060 command. The show timeout sip command displays the timeout value of the designated protocol.
The show sip command displays information for SIP sessions established across the security appliance. Along with the debug sip and show local-host commands, this command is used for troubleshooting SIP inspection engine issues.
Note
Examples
The following is sample output from the show sip command:
hostname# show sipTotal: 2call-id c3943000-960ca-2e43-228f@10.130.56.44| state Call init, idle 0:00:01call-id c3943000-860ca-7e1f-11f7@10.130.56.45| state Active, idle 0:00:06This sample shows two active SIP sessions on the security appliance (as shown in the
Totalfield). Eachcall-idrepresents a call.The first session, with the
call-idc3943000-960ca-2e43-228f@10.130.56.44, is in the stateCall Init,which means the session is still in call setup. Call setup is complete only when the ACK is seen. This session has been idle for 1 second.The second session is in the state
Active, in which call setup is complete and the endpoints are exchanging media. This session has been idle for 6 seconds.Related Commands
show skinny
To troubleshoot SCCP (Skinny) inspection engine issues, use the show skinny command in privileged EXEC mode.
show skinny
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The show skinny command assists in troubleshooting SCCP (Skinny) inspection engine issues.
Examples
The following is sample output from the show skinny command under the following conditions. There are two active Skinny sessions set up across the security appliance. The first one is established between an internal Cisco IP Phone at local address 10.0.0.11 and an external Cisco CallManager at 172.18.1.33. TCP port 2000 is the CallManager. The second one is established between another internal Cisco IP Phone at local address 10.0.0.22 and the same Cisco CallManager.
hostname# show skinnyLOCAL FOREIGN STATE---------------------------------------------------------------1 10.0.0.11/52238 172.18.1.33/2000 1MEDIA 10.0.0.11/22948 172.18.1.22/207982 10.0.0.22/52232 172.18.1.33/2000 1MEDIA 10.0.0.22/20798 172.18.1.11/22948The output indicates a call has been established between both internal Cisco IP Phones. The RTP listening ports of the first and second phones are UDP 22948 and 20798 respectively.
The following is the xlate information for these Skinny connections:
hostname# show xlate debug2 in use, 2 most usedFlags: D | DNS, d | dump, I | identity, i | inside, n | no random,| o | outside, r | portmap, s | staticNAT from inside:10.0.0.11 to outside:172.18.1.11 flags si idle 0:00:16 timeout 0:05:00NAT from inside:10.0.0.22 to outside:172.18.1.22 flags si idle 0:00:14 timeout 0:05:00Related Commands
show snmp-server statistics
To display information about the SNMP server statistics, use the show snmp-server statistics command in privileged EXEC mode.
show snmp-server statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
·
·
·
·
Command History
Examples
This example shows how to display the SNMP server statistics:
hostname# show snmp-server statistics0 SNMP packets input0 Bad SNMP version errors0 Unknown community name0 Illegal operation for community name supplied0 Encoding errors0 Number of requested variables0 Number of altered variables0 Get-request PDUs0 Get-next PDUs0 Get-bulk PDUs0 Set-request PDUs (Not supported)0 SNMP packets output0 Too big errors (Maximum packet size 512)0 No such name errors0 Bad values errors0 General errors0 Response PDUs0 Trap PDUsRelated Commands
Provides the security appliance event information through SNMP.
Disables the Simple Network Management Protocol (SNMP) server.
Displays the SNMP server configuration.
show ssh sessions
To display information about the active SSH session on the security appliance, use the show ssh sessions command in privileged EXEC mode.
show ssh sessions [ip_address]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The SID is a unique number that identifies the SSH session. The Client IP is the IP address of the system running an SSH client. The Version is the protocol version number that the SSH client supports. If the SSH only supports SSH version 1, then the Version column displays 1.5. If the SSH client supports both SSH version 1 and SSH version 2, then the Version column displays 1.99. If the SSH client only supports SSH version 2, then the Version column displays 2.0. The Encryption column shows the type of encryption that the SSH client is using. The State column shows the progress that the client is making as it interacts with the security appliance. The Username column lists the login username that has been authenticated for the session.
Examples
The following example demonstrates the output of the show ssh sessions command:
hostname# show ssh sessionsSID Client IP Version Mode Encryption Hmac State Username0 172.69.39.39 1.99 IN aes128-cbc md5 SessionStarted patOUT aes128-cbc md5 SessionStarted pat1 172.23.56.236 1.5 - 3DES - SessionStarted pat2 172.69.39.29 1.99 IN 3des-cbc sha1 SessionStarted patOUT 3des-cbc sha1 SessionStarted patRelated Commands
ssh disconnect
Disconnects an active SSH session.
ssh timeout
Sets the timeout value for idle SSH sessions.
show startup-config
To show the startup configuration or to show any errors when the startup configuration loaded, use the show startup-config command in privileged EXEC mode.
show startup-config [errors]
Syntax Description
errors
(Optional) Shows any errors that were generated when the security appliance loaded the startup configuration.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
1 The errors keyword is only available in single mode and the system execution space,
Command History
Usage Guidelines
In multiple context mode, this command shows the startup configuration for your current execution space: the system configuration or the security context.
To clear the startup errors from memory, use the clear startup-config errors command.
Examples
The following is sample output from the show startup-config command:
hostname# show startup-config: Saved: Written by enable_15 at 01:44:55.598 UTC Thu Apr 17 2003Version 7.0(0)28!interface GigabitEthernet0/0nameif insidesecurity-level 100ip address 10.86.194.60 255.255.254.0webvpn enable!interface GigabitEthernet0/1shutdownnameif testsecurity-level 0ip address 10.10.4.200 255.255.0.0!...!enable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptedhostname firewall1domain-name example.comboot system disk0:/cdisk.binftp mode passivenamesname 10.10.4.200 outsideaccess-list xyz extended permit ip host 192.168.0.4 host 150.150.0.3!ftp-map ftp_map!ftp-map inbound_ftpdeny-request-cmd appe stor stou!...Cryptochecksum:4edf97923899e712ed0da8c338e07e63The following is sample output from the show startup-config errors command:
hostname# show startup-config errorsERROR: 'Mac-addresses': invalid resource name*** Output from config line 18, " limit-resource Mac-add..."INFO: Admin context is required to get the interfaces*** Output from config line 30, "arp timeout 14400"Creating context 'admin'... WARNING: Invoked the stub function ibm_4gs3_context_set_max_mgmt_sessWARNING: Invoked the stub function ibm_4gs3_context_set_max_mgmt_sessDone. (1)*** Output from config line 33, "admin-context admin"WARNING: VLAN *24* is not configured.*** Output from config line 12, context 'admin', " nameif inside".....*** Output from config line 37, " config-url disk:/admin..."Related Commands
clear startup-config errors
Clears the startup errors from memory.
show running-config
Shows the running configuration.
show sunrpc-server active
To display the pinholes open for Sun RPC services, use the show sunrpc-server active command in privileged EXEC mode.
show sunrpc-server active
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
Use the show sunrpc-server active command to display the pinholes open for Sun RPC services, such as NFS and NIS.
Examples
To display the pinholes open for Sun RPC services, enter the show sunrpc-server active command. The following is sample output from the show sunrpc-server active command:
hostname# show sunrpc-server activeLOCAL FOREIGN SERVICE TIMEOUT-----------------------------------------------192.168.100.2/0 209.165.200.5/32780 100005 00:10:00Related Commands
show tcpstat
To display the status of the security appliance TCP stack and the TCP connections that are terminated on the security appliance (for debugging), use the show tcpstat command in privileged EXEC mode. This command supports IPv4 and IPv6 addresses.
show tcpstat
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The show tcpstat command allows you to display the status of the TCP stack and TCP connections that are terminated on the security appliance. The TCP statistics displayed are described in Table 28.
Examples
This example shows how to display the status of the TCP stack on the security appliance:
hostname# show tcpstatCURRENT MAX TOTALtcb_cnt 2 12 320proxy_cnt 0 0 160tcp_xmt pkts = 540591tcp_rcv good pkts = 6583tcp_rcv drop pkts = 2tcp bad chksum = 0tcp user hash add = 2028tcp user hash add dup = 0tcp user srch hash hit = 316753tcp user srch hash miss = 6663tcp user hash delete = 2027tcp user hash delete miss = 0lip = 172.23.59.230 fip = 10.21.96.254 lp = 443 fp = 2567 st = 4 rexqlen = 0in0tw_timer = 0 to_timer = 179000 cl_timer = 0 per_timer = 0rt_timer = 0tries 0Related Commands
show tech-support
To display the information that is used for diagnosis by technical support analysts, use the show tech-support command in privileged EXEC mode.
show tech-support [detail | file | no-config]
Syntax Description
detail
(Optional) Lists detailed information.
file
(Optional) Writes the output of the command to a file.
no-config
(Optional) Excludes the output of the running configuration.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
•
Command History
Usage Guidelines
The show tech-support command lets you list information that technical support analysts need to help you diagnose problems. This command combines the output from the show commands that provide the most information to a technical support analyst.
Examples
The following example shows how to display information that is used for technical support analysis, excluding the output of the running configuration:
hostname# show tech-support no-configCisco XXX Firewall Version X.X(X)Cisco Device Manager Version X.X(X)Compiled on Fri 15-Apr-05 14:35 by rootXXX up 2 days 8 hoursHardware: XXX, 64 MB RAM, CPU Pentium 200 MHzFlash i28F640J5 @ 0x300, 16MBBIOS Flash AT29C257 @ 0xfffd8000, 32KB0: ethernet0: address is 0003.e300.73fd, irq 101: ethernet1: address is 0003.e300.73fe, irq 72: ethernet2: address is 00d0.b7c8.139e, irq 9Licensed Features:Failover: DisabledVPN-DES: EnabledVPN-3DES-AES: DisabledMaximum Interfaces: 3Cut-through Proxy: EnabledGuards: EnabledURL-filtering: EnabledInside Hosts: UnlimitedThroughput: UnlimitedIKE peers: UnlimitedThis XXX has a Restricted (R) license.Serial Number: 480430455 (0x1ca2c977)Running Activation Key: 0xc2e94182 0xc21d8206 0x15353200 0x633f6734Configuration last modified by enable_15 at 23:05:24.264 UTC Sat Nov 16 2002------------------ show clock ------------------00:08:14.911 UTC Sun Apr 17 2005------------------ show memory ------------------Free memory: 50708168 bytesUsed memory: 16400696 bytes------------- ----------------Total memory: 67108864 bytes------------------ show conn count ------------------0 in use, 0 most used------------------ show xlate count ------------------0 in use, 0 most used------------------ show blocks ------------------SIZE MAX LOW CNT4 1600 1600 160080 400 400 400256 500 499 5001550 1188 795 919------------------ show interface ------------------interface ethernet0 "outside" is up, line protocol is upHardware is i82559 ethernet, address is 0003.e300.73fdIP address 172.23.59.232, subnet mask 255.255.0.0MTU 1500 bytes, BW 10000 Kbit half duplex1267 packets input, 185042 bytes, 0 no bufferReceived 1248 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort20 packets output, 1352 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 9 deferred0 lost carrier, 0 no carrierinput queue (curr/max blocks): hardware (13/128) software (0/2)output queue (curr/max blocks): hardware (0/1) software (0/1)interface ethernet1 "inside" is up, line protocol is downHardware is i82559 ethernet, address is 0003.e300.73feIP address 10.1.1.1, subnet mask 255.255.255.0MTU 1500 bytes, BW 10000 Kbit half duplex0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort1 packets output, 60 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred1 lost carrier, 0 no carrierinput queue (curr/max blocks): hardware (128/128) software (0/0)output queue (curr/max blocks): hardware (0/1) software (0/1)interface ethernet2 "intf2" is administratively down, line protocol is downHardware is i82559 ethernet, address is 00d0.b7c8.139eIP address 127.0.0.1, subnet mask 255.255.255.255MTU 1500 bytes, BW 10000 Kbit half duplex0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred0 lost carrier, 0 no carrierinput queue (curr/max blocks): hardware (128/128) software (0/0)output queue (curr/max blocks): hardware (0/0) software (0/0)------------------ show cpu usage ------------------CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%------------------ show process ------------------PC SP STATE Runtime SBASE Stack ProcessHsi 001e3329 00763e7c 0053e5c8 0 00762ef4 3784/4096 arp_timerLsi 001e80e9 00807074 0053e5c8 0 008060fc 3832/4096 FragDBGCLwe 00117e3a 009dc2e4 00541d18 0 009db46c 3704/4096 dbgtraceLwe 003cee95 009de464 00537718 0 009dc51c 8008/8192 LoggerHwe 003d2d18 009e155c 005379c8 0 009df5e4 8008/8192 tcp_fastHwe 003d2c91 009e360c 005379c8 0 009e1694 8008/8192 tcp_slowLsi 002ec97d 00b1a464 0053e5c8 0 00b194dc 3928/4096 xlate cleanLsi 002ec88b 00b1b504 0053e5c8 0 00b1a58c 3888/4096 uxlate cleanMwe 002e3a17 00c8f8d4 0053e5c8 0 00c8d93c 7908/8192 tcp_intercept_timesLsi 00423dd5 00d3a22c 0053e5c8 0 00d392a4 3900/4096 route_processHsi 002d59fc 00d3b2bc 0053e5c8 0 00d3a354 3780/4096 XXX Garbage CollecrHwe 0020e301 00d5957c 0053e5c8 0 00d55614 16048/16384 isakmp_time_keeprLsi 002d377c 00d7292c 0053e5c8 0 00d719a4 3928/4096 perfmonHwe 0020bd07 00d9c12c 0050bb90 0 00d9b1c4 3944/4096 IPSecMwe 00205e25 00d9e1ec 0053e5c8 0 00d9c274 7860/8192 IPsec timer handlerHwe 003864e3 00db26bc 00557920 0 00db0764 6952/8192 qos_metric_daemonMwe 00255a65 00dc9244 0053e5c8 0 00dc8adc 1436/2048 IP BackgroundLwe 002e450e 00e7bb94 00552c30 0 00e7ad1c 3704/4096 XXX/traceLwe 002e471e 00e7cc44 00553368 0 00e7bdcc 3704/4096 XXX/tconsoleHwe 001e5368 00e7ed44 00730674 0 00e7ce9c 7228/8192 XXX/intf0Hwe 001e5368 00e80e14 007305d4 0 00e7ef6c 7228/8192 XXX/intf1Hwe 001e5368 00e82ee4 00730534 2470 00e8103c 4892/8192 XXX/intf2H* 0011d7f7 0009ff2c 0053e5b0 780 00e8511c 13004/16384 ci/consoleCsi 002dd8ab 00e8a124 0053e5c8 0 00e891cc 3396/4096 update_cpu_usageHwe 002cb4d1 00f2bfbc 0051e360 0 00f2a134 7692/8192 uauth_inHwe 003d17d1 00f2e0bc 00828cf0 0 00f2c1e4 7896/8192 uauth_threadHwe 003e71d4 00f2f20c 00537d20 0 00f2e294 3960/4096 udp_timerHsi 001db3ca 00f30fc4 0053e5c8 0 00f3004c 3784/4096 557mcfixCrd 001db37f 00f32084 0053ea40 121094970 00f310fc 3744/4096 557pollLsi 001db435 00f33124 0053e5c8 0 00f321ac 3700/4096 557timerHwe 001e5398 00f441dc 008121e0 0 00f43294 3912/4096 fover_ip0Cwe 001dcdad 00f4523c 00872b48 20 00f44344 3528/4096 ip/0:0Hwe 001e5398 00f4633c 008121bc 0 00f453f4 3532/4096 icmp0Hwe 001e5398 00f47404 00812198 0 00f464cc 3896/4096 udp_thread/0Hwe 001e5398 00f4849c 00812174 0 00f475a4 3832/4096 tcp_thread/0Hwe 001e5398 00f495bc 00812150 0 00f48674 3912/4096 fover_ip1Cwe 001dcdad 00f4a61c 008ea850 0 00f49724 3832/4096 ip/1:1Hwe 001e5398 00f4b71c 0081212c 0 00f4a7d4 3912/4096 icmp1Hwe 001e5398 00f4c7e4 00812108 0 00f4b8ac 3896/4096 udp_thread/1Hwe 001e5398 00f4d87c 008120e4 0 00f4c984 3832/4096 tcp_thread/1Hwe 001e5398 00f4e99c 008120c0 0 00f4da54 3912/4096 fover_ip2Cwe 001e542d 00f4fa6c 00730534 0 00f4eb04 3944/4096 ip/2:2Hwe 001e5398 00f50afc 0081209c 0 00f4fbb4 3912/4096 icmp2Hwe 001e5398 00f51bc4 00812078 0 00f50c8c 3896/4096 udp_thread/2Hwe 001e5398 00f52c5c 00812054 0 00f51d64 3832/4096 tcp_thread/2Hwe 003d1a65 00f78284 008140f8 0 00f77fdc 300/1024 listen/http1Mwe 0035cafa 00f7a63c 0053e5c8 0 00f786c4 7640/8192 Crypto CA------------------ show failover ------------------No license for Failover------------------ show traffic ------------------outside:received (in 205213.390 secs):1267 packets 185042 bytes0 pkts/sec 0 bytes/sectransmitted (in 205213.390 secs):20 packets 1352 bytes0 pkts/sec 0 bytes/secinside:received (in 205215.800 secs):0 packets 0 bytes0 pkts/sec 0 bytes/sectransmitted (in 205215.800 secs):1 packets 60 bytes0 pkts/sec 0 bytes/secintf2:received (in 205215.810 secs):0 packets 0 bytes0 pkts/sec 0 bytes/sectransmitted (in 205215.810 secs):0 packets 0 bytes0 pkts/sec 0 bytes/sec------------------ show perfmon ------------------PERFMON STATS: Current AverageXlates 0/s 0/sConnections 0/s 0/sTCP Conns 0/s 0/sUDP Conns 0/s 0/sURL Access 0/s 0/sURL Server Req 0/s 0/sTCP Fixup 0/s 0/sTCPIntercept 0/s 0/sHTTP Fixup 0/s 0/sFTP Fixup 0/s 0/sAAA Authen 0/s 0/sAAA Author 0/s 0/sAAA Account 0/s 0/sRelated Commands
show traffic
To display interface transmit and receive activity, use the show traffic command in privileged EXEC mode.
show traffic
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show traffic command lists the number of packets and bytes moving through through each interface since the last show traffic command was entered or since the security appliance came online. The number of seconds is the duration the security appliance has been online since the last reboot, unless the clear traffic command was entered since the last reboot. If this is the case, then the number of seconds is the duration since that command was entered.
Examples
The following example shows output from the show traffic command:
hostname# show trafficoutside: received (in 102.080 secs): 2048 packets 204295 bytes 20 pkts/sec 2001 bytes/sec transmitted (in 102.080 secs): 2048 packets 204056 bytes 20 pkts/sec 1998 bytes/sec Ethernet0: received (in 102.080 secs): 2049 packets 233027 bytes 20 pkts/sec 2282 bytes/sec transmitted (in 102.080 secs): 2048 packets 232750 bytes 20 pkts/sec 2280 bytes/secRelated Commands
show uauth
To display one or all currently authenticated users, the host IP to which they are bound, and any cached IP and port authorization information, use the show uauth command in privileged EXEC mode.
show uauth [username]
Syntax Description
username
(Optional) Specifies, by username, the user authentication and authorization information to display.
Defaults
Omitting username displays the authorization information for all users.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Usage Guidelines
The show uauth command displays the AAA authorization and authentication caches for one user or for all users.
This command is used with the timeout command.
Each user host IP address has an authorization cache attached to it. The cache allows up to 16 address and service pairs for each user host. If the user attempts to access a service that has been cached from the correct host, the security appliance considers it preauthorized and immediately proxies the connection. Once you are authorized to access a website, for example, the authorization server is not contacted for each image as it is loaded (assuming the images come from the same IP address). This process significantly increases performance and reduces the load on the authorization server.
The output from the show uauth command displays the username that is provided to the authorization server for authentication and authorization purposes, the IP address to which the username is bound, and whether the user is authenticated only or has cached services.
Note
Use the timeout uauth command to specify how long the cache should be kept after the user connections become idle. Use the clear uauth command to delete all the authorization caches for all the users, which will cause them to have to reauthenticate the next time that they create a connection.
Examples
This example shows sample output from the show uauth command when no users are authenticated and one user authentication is in progress:
hostname(config)# show uauthCurrent Most SeenAuthenticated Users 0 0Authen In Progress 0 1This example shows sample output from the show uauth command when three users are authenticated and authorized to use services through the security appliance:
hostname(config)# show uauthuser `pat' from 209.165.201.2 authenticateduser `robin' from 209.165.201.4 authorized to:port 192.168.67.34/telnet 192.168.67.11/http 192.168.67.33/tcp/8001192.168.67.56/tcp/25 192.168.67.42/ftpuser `terry' from 209.165.201.7 authorized to:port 192.168.1.50/http 209.165.201.8/httpRelated Commands
clear uauth
Remove current user authentication and authorization information.
timeout
Set the maximum idle time duration.
show url-block
To display the number of packets held in the url-block buffer and the number (if any) dropped due to exceeding the buffer limit or retransmission, use the show url-block command in privileged EXEC mode.
show url-block [block statistics]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show url-block block statistics command displays the number of packets held in the url block buffer and the number (if any) dropped due to exceeding the buffer limit or retransmission.
Examples
The following is sample output from the show url-block command:
hostname# show url-block| url-block url-mempool 128 | url-block url-size 4 | url-block block 128This shows the configuration of the URL block buffer.
The following is sample output from the show url-block block statistics command:
hostname# show url-block block statisticsURL Pending Packet Buffer Stats with max block 128 |Cumulative number of packets held: | 896Maximum number of packets held (per URL): | 3Current number of packets held (global): | 38Packets dropped due to| exceeding url-block buffer limit: | 7546| HTTP server retransmission: | 10Number of packets released back to client: | 0Related Commands
show url-cache statistics
To display information about the url-cache, which is used for URL responses received from an N2H2 or Websense filtering server, use the show url-cache statistics command in privileged EXEC mode.
show url-cache statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show url-cache statistics command displays the following entries:
•
•
•
•
•
You can view additional information about N2H2 Sentian or Websense filtering activity with the show perfmon command.
Examples
The following is sample output from the show url-cache statistics command:
hostname# show url-cache statisticsURL Filter Cache Stats----------------------| Size : 1KBEntries : 36In Use : 30Lookups : 300| Hits : 290Related Commands
show url-server
To display information about the URL filtering server, use the show url-server command in privileged EXEC mode.
show url-server statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show url-server statistics command displays the URL server vendor; number of URLs total, allowed, and denied; number of HTTPS connections total, allowed, and denied; number of TCP connections total, allowed, and denied; and the URL server status.
The show url-server command displays the following information:
•
•
Examples
The following is sample output from the show url-server statistics command:
hostname## show url-server statisticsURL Server Statistics: |Vendor websenseHTTPs total/allowed/denied 0/0/0HTTPSs total/allowed/denied 0/0/0FTPs total/allowed/denied 0/0/0 |URL Server Status: |172.23.58.103 UP |URL Packets Send and Receive Stats: |Message Send ReceiveSTATUS_REQUEST 200 200LOOKUP_REQUEST 10 10LOG_REQUEST 20 NARelated Commands
show version
To display the software version, hardware configuration, license key, and related uptime data, use the show version command in user EXEC mode.
show version
Syntax Description
This command has no arguments or keywords.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show version command allows you to display the software version, operating time since the last reboot, processor type, Flash partition type, interface boards, serial number (BIOS ID), activation key value, license type (R or UR), and time stamp for when the configuration was last modified.
The serial number listed with the show version command is for the Flash partition BIOS. This number is different from the serial number on the chassis. When you get a software upgrade, you will need the serial number that appears in the show version command, not the chassis number.
Note
Examples
The following example shows how to display the software version, hardware configuration, license key, and related uptime information:
hostname# show versionCisco PIX Security Appliance Software Version 7.0(4)Device Manager Version 5.0(4)Compiled on Tue 27-Sep-05 10:41 by rootSystem image file is "flash:/cdisk.bin"Config file at boot was "startup-config"pix2 up 7 days 7 hoursHardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHzFlash E28F128J3 @ 0xfff00000, 16MBBIOS Flash AM29F400B @ 0xfffd8000, 32KB0: Ext: Ethernet0 : address is 0011.2094.1d2b, irq 101: Ext: Ethernet1 : address is 0011.2094.1d2c, irq 11Licensed features for this platform:Maximum Physical Interfaces : 6Maximum VLANs : 25Inside Hosts : UnlimitedFailover : Active/ActiveVPN-DES : EnabledVPN-3DES-AES : EnabledCut-through Proxy : EnabledGuards : EnabledURL Filtering : EnabledSecurity Contexts : 5GTP/GPRS : EnabledVPN Peers : UnlimitedThis platform has an Unrestricted (UR) license.Serial Number: 808184143Running Activation Key: 0xcf22f25d 0xec1c3174 0x8cb138a0 0xaad8b878 0x4f32fd90Configuration last modified by enable_15 at 14:18:26.103 UTC Thu Oct 6 2005hostname#Related Commands
show hardware
Displays detail hardware information.
show serial
Displays the hardware serial information.
show uptime
Displays how long the security appliance has been up.
show vpn load-balancing
To display the runtime statistics for the VPN load-balancing virtual cluster configuration, use the show vpn-load-balancing command in global configuration, privileged EXEC, or VPN load-balancing mode.
show vpn load-balancing
Syntax Description
This command has no variables or arguments.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
—
•
—
—
Privileged EXEC
•
—
•
—
—
vpn load-balancing
•
—
•
—
—
Command History
7.0(1)
This command was introduced.
7.1(1)
Added separate IPSec and SSL columns for both Load (%) display and Session display in the output example.
Usage Guidelines
The show vpn load-balancing command displays statistical information for the virtual VPN load-balancing cluster. If the local device is not participating in the VPN load-balancing cluster, this command indicates that VPN load balancing has not been configured for this device.
The asterisk (*) in the output indicates the IP address of the security appliance to which you are connected.
Examples
This example displays show vpn load-balancing command and its output for a situation in which the local device is participating in the VPN load-balancing cluster:
hostname(config-load-balancing)# show vpn load-balancingStatus: enabled Role: Master Failover: n/a Encryption: enabled Cluster IP: 192.168.1.100 Peers: 1Load (%) SessionsPublic IP Role Pri Model IPSec SSL IPSec SSL ---------------------------------------------------------------------------- * 192.168.1.40 Master 10 PIX-515 0 0 0 0 192.168.1.110 Backup 5 PIX-515 0 0 0 0 hostname(config-load-balancing)#If the local device is not participating in the VPN load-balancing cluster, the show vpn load-balancing command shows a different result:
hostname(config)# show vpn load-balancingVPN Load Balancing has not been configured.Related Commands
show vpn-sessiondb
To display information about VPN sessions, use the show vpn-sessiondb command in privileged EXEC mode. The command includes options for displaying information in full or in detail, lets you specify type of sessions to display, and provides options to filter and sort the information. The syntax table and usage notes organize the choices accordingly.
show vpn-sessiondb [detail] [full] {remote | l2l | index indexnumber | webvpn | email-proxy} [filter {name username | ipaddress IPaddr | a-ipaddress IPaddr | p-ipaddress IPaddr | tunnel-group groupname | protocol protocol-name | encryption encryption-algo}]
[sort {name | ipaddress | a-ipaddress | p-ip address | tunnel-group | protocol | encryption}]Syntax Description
s
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Usage Guidelines
You can use the following options to filter and to sort the session display:
The following example, entered in privileged EXEC mode, shows detailed information about LAN-to-LAN sessions:
hostname#show vpn-sessiondb detail l2lSession Type: LAN-to-LAN DetailedConnection : 172.16.0.1Index : 1 IP Addr : 172.16.0.1Protocol : IPSecLAN2LAN Encryption : AES256Bytes Tx : 48484156 Bytes Rx : 875049248Login Time : 09:32:03 est Mon Aug 2 2004Duration : 6:16:26Filter Name :IKE Sessions: 1 IPSec Sessions: 2IKE:Session ID : 1UDP Src Port : 500 UDP Dst Port : 500IKE Neg Mode : Main Auth Mode : preSharedKeysEncryption : AES256 Hashing : SHA1Rekey Int (T): 86400 Seconds Rekey Left(T): 63814 SecondsD/H Group : 5IPSec:Session ID : 2Local Addr : 10.0.0.0/255.255.255.0Remote Addr : 209.165.201.30/255.255.255.0Encryption : AES256 Hashing : SHA1Encapsulation: Tunnel PFS Group : 5Rekey Int (T): 28800 Seconds Rekey Left(T): 10903 SecondsBytes Tx : 46865224 Bytes Rx : 2639672Pkts Tx : 1635314 Pkts Rx : 37526IPSec:Session ID : 3Local Addr : 10.0.0.1/255.255.255.0Remote Addr : 209.165.201.30/255.255.255.0Encryption : AES256 Hashing : SHA1Encapsulation: Tunnel PFS Group : 5Rekey Int (T): 28800 Seconds Rekey Left(T): 6282 SecondsBytes Tx : 1619268 Bytes Rx : 872409912Pkts Tx : 19277 Pkts Rx : 1596809hostname#Related Commands
show vpn-sessiondb ratio
To display the ratio of current sessions as a percentage by protocol or encryption algorithm, use the show vpn-sessiondb ratio command in privileged EXEC mode.
show vpn-sessiondb ratio {protocol | encryption} [filter groupname]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Examples
The following is sample output for the show vpn-sessiondb ratio command, with encryption as the argument:
hostname# show vpn-sessiondb ratio encFilter Group : AllTotal Active Sessions: 5Cumulative Sessions : 9Encryption Sessions Percentnone 0 0%DES 1 20%3DES 0 0%AES128 4 80%AES192 0 0%AES256 0 0%The following is sample output for the show vpn-sessiondb ratio command with protocol as the argument:
hostname# show vpn-sessiondb ratio protocolFilter Group : AllTotal Active Sessions: 6Cumulative Sessions : 10Protocol Sessions PercentIKE 0 0%IPSec 1 20%IPSecLAN2LAN 0 0%IPSecLAN2LANOverNatT 0 0%IPSecOverNatT 0 0%IPSecOverTCP 1 20%IPSecOverUDP 0 0%userHTTPS 0 0%IMAP4S 3 30%POP3S 0 0%SMTPS 3 30%Related Commandsshow vpn-sessiondb ratio
show vpn-sessiondb summary
To display the a summary of current IPSec VPN and WebVPN sessions, use the show vpn-sessiondb summary command in privileged EXEC mode. The session summary includes total current sessions, current sessions of each type, peak and total cumulative sessions, and maximum concurrent sessions.
show vpn-sessiondb summary
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Examples
The following is sample output for the show vpn-sessiondb summary command:
hostname# show vpn-sessiondb summaryActive Sessions: Session Information:IPSec LAN-to-LAN : 0 Peak Concurrent :7IPSec Remote Access : 0 IPSec Limit : 2000WebVPN : 0 WebVPM Limit : 12SSL VPN client (SVC) : 0 Cumulative Sessions : 0%Email Proxy : 0 Percent Session Load: 0Total Active Sessions : 0 VPN LB Mgmt Sessions: 0%Related Commands Total Active Sessions : 7
show webvpn csd
To determine whether CSD is enabled and, if so, display the CSD version in the running configuration, or test a file to see if it is a valid CSD distribution package, use the show webvpn csd command in privileged EXEC mode.
show webvpn csd [image filename]
Syntax Description
filename
Specifies the name of a file to test for validity as a CSD distribution package. It must take the form securedesktop_asa_<n>_<n>*.pkg.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
privileged EXEC mode
•
—
•
—
—
Command History
Usage Guidelines
Use the show webvpn csd command to check the operational status of CSD. The CLI responds with one of the following messages when you enter this command:
•
0 SNMP packets inputCSD is in the running configuration, but it is disabled. Go to webvpn configuration mode and enter the csd enable command to enable CSD.
•
0 Bad SNMP version errorsn.n.n.n is currently installed and enabled.CSD is enabled. The distribution package read from the flash device determines the version number. You can access Cisco Secure Desktop Manager through the ASDM Configuration > CSD menu path. CSD is accessible to users only if the CSD configuration contains a location.
Use the show webvpn csd image command to test a file to see if it is a valid CSD distribution package. Similarly, the csd image command, when entered in webvpn configuration mode, installs CSD only if the file you name in the command is a valid CSD distribution package. Otherwise, it displays an "ERROR: Unable to use CSD image" message.
The show webvpn csd image command tests a file to see if it is a valid CSD distribution package without installing CSD automatically if the file is valid. The CLI responds with one of the following messages when you enter this command:
•
0 Unknown community nameMake sure the filename is in the form the form securedesktop_asa_<n>_<n>*.pkg. If it is, replace the file with a fresh one obtained from the following website:
http://www.cisco.com/cisco/software/navigator.html
Then reenter the show webvpn csd image command. If the image is valid, use the csd image and csd enable commands in webvpn configuration mode to install and enable CSD.
•
Version : 3.1.0.25
Built on : Wed 10/19/2005 14:51:23.82Note that the CLI provides both the version and date stamp if the file is valid.
Examples
The following example indicates CSD is installed in the running configuration and enabled:
hostname# show webvpn csdSecure Desktop version 3.1.0.25 is currently installed and enabled.hostname#The following example shows the file specified is a valid CSD image:
hostname#show webvpn csd image securedesktop_asa_3_1_0_25.pkgThis is a valid Cisco Secure Desktop image:Version : 3.1.0.25Built on : Wed 10/19/2005 14:51:23.82hostname#Related Commands
show webvpn group-alias
To display the aliases for a specific tunnel-group or for all tunnel groups, use the group-alias command in privileged EXEC mode.
show webvpn group-alias [tunnel-group]
Syntax Description
Defaults
If you do not enter a tunnel-group name, this command displays all the aliases for all the tunnel groups.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
WebVPN must be running when you enter the show webvpn group-alias command.
Each tunnel group can have multiple aliases or no alias.
Examples
The following example shows the show webvpn group-alias command that displays the aliases for the tunnel group "devtest" and the output of that command:
hostname# show webvpn group-alias devtestQAFra-QARelated Commands
group-alias
Specifies one or more URLs for the group.
tunnel-group webvpn-attributes
Enters the config-webvpn mode for configuring WebVPN tunnel-group attributes.
show webvpn group-url
To display the URLs for a specific tunnel-group or for all tunnel groups, use the group-url command in privileged EXEC mode.
show webvpn group-url [tunnel-group]
Syntax Description
Defaults
If you do not enter a tunnel-group name, this command displays all the URLs for all the tunnel groups.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
WebVPN must be running when you enter the show webvpn group-url command. Each group can have multiple URLs or no URL.
Examples
The following example shows the show webvpn group-url command that displays the URLs for the tunnel group "frn-eng1" and the output of that command:
hostname# show webvpn group-urlhttp://www.cisco.comhttps://fra1.vpn.comhttps://fra2.vpn.comRelated Commands
group-url
Specifies one or more URLs for the group.
tunnel-group webvpn-attributes
Enters the config-webvpn mode for configuring WebVPN tunnel-group attributes.
show webvpn sso-server
To display the operating statistics for a single sign-on server, use the show webvpn sso-server command in privileged EXEC mode. This is an SSO with CA SiteMinder command.
show webvpn sso-server name
Syntax Description
Syntax DescriptionSyntax Description
Defaults
No default values or behavior.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
Single sign-on support, available only for WebVPN, lets users access different secure services on different servers without reentering a username and password more than once. The show webvpn sso-server command displays operating statistics for any or all SSO servers configured.
If no SSO server name argument is entered, statistics on all SSO servers display.
Examples
The following example, entered in privileged EXEC mode, displays statistics for an SSO server named example:
hostname# show webvpn sso-server exampleName: exampleType: SiteMinderAuthentication Scheme Version: 1.0Web Agent URL: http://www.example.com/webvpnNumber of pending requests: 0Number of auth requests: 0Number of retransmissions: 0Number of accepts: 0Number of rejects: 0Number of timeouts: 0Number of unrecognized responses: 0hostname(config-webvpn-sso-siteminder)#Related Commands
show webvpn svc
To view the SVC installation, or to test a file to see if it is a valid SVC file, use the show webvpn svc command from privileged EXEC mode.
show webvpn svc [image filename]
Syntax Description
Defaults
This command has no default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
—
•
—
—
Command History
Usage Guidelines
Use the show webvpn svc command to view information about the existing SVC images that are configured for use.
Use the image filename option to test a file to see if it is a valid SVC image. If the file is not a valid SVC image, the following message appears:
ERROR: This is not a valid SSL VPN Client image file.Examples
The following example shows the output of the show webvpn svc command for currently installed SVC images:
hostname# show webvpn svc1. windows.pkg 1SSL VPN ClientCISCO STC win2k+ 1.1.01,1,0,107Thu 04/14/2005 09:27:54.432. window2.pkg 15CISCO STC win2k+ 1.1.01,1,0,107Thu 04/14/2005 09:27:54.43The following example shows the output of the show webvpn svc image filename command for a valid SVC image:
F1(config-webvpn)# show webvpn svc image sslclient-win-1.0.2.127.pkgThis is a valid SSL VPN Client image:CISCO STC win2k+ 1.0.01,0,2,127Fri 07/22/2005 12:14:45.43Related Commands
