Implementing Cisco Network Security (IINS, legacy) — Question 46

Which command verifies phase 1 of an IPsec VPN on a Cisco router?

Answer options

• A. show crypto map
• B. show crypto ipsec sa
• C. show crypto isakmp sa

Correct answer:

Explanation

The correct answer is C, 'show crypto isakmp sa', as this command specifically displays the status of the ISAKMP (Internet Security Association and Key Management Protocol) security associations, which are part of phase 1 of the IPsec VPN process. The other options do not provide information relevant to phase 1; 'show crypto map' relates to the overall crypto map configuration, while 'show crypto ipsec sa' pertains to phase 2 security associations.