A network engineer executes the show crypto ipsec sa command. Which three pieces of information are displayed in the output?

ccnp-dump
ccnp-route-dump
ccnp-route

#1

A network engineer executes the show crypto ipsec sa command.
Which three pieces of information are displayed in the output? (Choose three.)
A. inbound crypto map
B. remaining key lifetime
C. path MTU
D. tagged packets
E. untagged packets
F. invalid identity packets

Correct Answer: ABC

Explanation:
show crypto ipsec sa
This command shows IPsec SAs built between peers. The encrypted tunnel is built between 12.1.1.1 and
12.1.1.2 for traffic that goes between networks 20.1.1.0 and 10.1.1.0. You can see the two Encapsulating
Security Payload (ESP) SAs built inbound and outbound. Authentication Header (AH) is not used since there
are no AH SAs.
This output shows an example of the show crypto ipsec sa command (bolded ones found in answers for this
question).
interface: FastEthernet0
Crypto map tag: test, local addr. 12.1.1.1
local ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port):
(10.1.1.0/255.255.255.0/0/0) current_peer: 12.1.1.2
PERMIT, flags={origin_is_acl,}
#pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918 #pkts decaps: 7760382, #pkts decrypt:
7760382, #pkts verify 7760382 #pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0,
#pkts decompress failed: 0, #send errors 1, #Recv errors 0 local crypto endpt.: 12.1.1.1, remote crypto endpt.:
12.1.1.2 path mtu 1500, media mtu 1500
current outbound spi: 3D3
inbound esp sas:
spi: 0x136A010F(325714191)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 3442, flow_id: 1443, crypto map: test sa timing: remaining key lifetime (k/sec): (4608000/52) IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
inbound pcp sas:
outbound esp sas:
spi: 0x3D3(979)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 3443, flow_id: 1444, crypto map: test sa timing: remaining key lifetime (k/sec): (4608000/52) IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas: