
Press the Mode button and connect power.
Step 1: Initialize the flash file system.
Switch: flash_init  

Step 2: Ignore the startup configuration with the following command.
Switch: SWITCH_IGNORE_STARTUP_CFG=1 

Step 3: Boot the switch using the packages.conf file from flash.
Switch: boot flash:packages.conf 

Step 4: Answer No to exit the initial configuration dialog.
Would you like to enter the initial configuration dialog? [yes/no]: No 

Step 5: Enter privileged EXEC mode at the switch prompt.
Switch> enable      
Switch#   

Step 8: Write the running configuration to the startup configuration file.
Switch# copy running-config startup-config      

Step 9: Verify that manual boot mode is enabled.
Switch# show boot 
BOOT variable = flash:packages.conf; 
Manual Boot = yes 
Enable Break = yes  

Step 10: Reload the switch.
Switch# reload 

Step 11: Revert the bootloader parameters (changed earlier in steps 2 and 3) to their original values.
Switch: SWITCH_IGNORE_STARTUP_CFG=0 

Step 12: Boot the switch using the packages.conf file from flash.
Switch: boot flash:packages.conf 

Step 13: After the switch boots, disable manual boot on the switch.

Switch(config)# no boot manual 

[How to load the previous config]
Step 6: Copy the startup configuration to the running configuration.
Switch# copy startup-config running-config <Enter>
            Destination filename [running-config]?  <Enter>
Press Return at the confirmation prompt. The configuration file is now loaded again, and you can change the password.

Step 7: Enter global configuration mode and change the enable password.
Switch# configure terminal
Switch(config)# enable password cisco


On the Nexus 9000 series, press Ctrl+] while the OS is booting.

1. switch(boot)# conf t
   switch(boot)(config)# admin-password < new password (8+ characters mixing upper case, lower case and digits) >
   switch(boot)(config)# exit

2. switch(boot)#dir bootflash:
   switch(boot)#load bootflash:n7000-s2-dk9.6.2.20.bin  [same image version as in step 1]

Reset the config after booting
wr er
reload

Abort Auto Provisioning and continue with normal setup ?(yes/no)[n]: yes

         ---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no) [y]: no
  Enter the password for "admin":   cisco
  Confirm the password for "admin":  cisco
  Do you want to enable admin vdc (yes/no) [n]: no

         ---- Basic System Configuration Dialog VDC: 1 ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.

Please register Cisco Nexus7000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. Nexus7000 devices must be registered to receive
entitled support services.

Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.

Would you like to enter the basic configuration dialog (yes/no):  Ctrl+c
Exiting the basic config setup.

login: admin
password: cisco

switch# copy running-config startup-config


.............................. <= press Ctrl+C when these dots appear

How to change the serial speed
serial --speed=9600

1. boot bootflash:n7000-s2-kickstart.6.2.20.bin [this reboots the device; watch the image version]

2. switch(boot)# conf t
   switch(boot)(config)# admin-password < new password (8+ characters mixing upper case, lower case and digits) >
   switch(boot)(config)# exit

3. switch(boot)#dir bootflash:
   switch(boot)#load bootflash:n7000-s2-dk9.6.2.20.bin  [same image version as in step 1]

Reset the config after booting
wr er
reload

Abort Auto Provisioning and continue with normal setup ?(yes/no)[n]: yes

         ---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no) [y]: no
  Enter the password for "admin":   cisco
  Confirm the password for "admin":  cisco
  Do you want to enable admin vdc (yes/no) [n]: no

         ---- Basic System Configuration Dialog VDC: 1 ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.

Please register Cisco Nexus7000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. Nexus7000 devices must be registered to receive
entitled support services.

Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.

Would you like to enter the basic configuration dialog (yes/no):  Ctrl+c
Exiting the basic config setup.

login: admin
password: cisco

switch# copy running-config startup-config
spanning-tree port type edge default    <= portfast
feature interface-vlan   <= enables VLAN interfaces
service unsupported-transceiver   <= command to allow third-party vendor GBICs
 
interface ethernet 3/1-48
sw
no sh
exit

interface Ethernet4/1-48
sw
no sh
exit


Taking the N5K as the example, Nexus devices normally carry two OS images (Kickstart / UK)

During boot, press Ctrl+Shift+R
loader> dir
Several files are listed, but the two below are the important ones
n5000-uk9.5.0.2.N1.1.bin
n5000-uk9-kickstart.5.0.2.N1.1.bin           <= kickstart
loader> boot n5000-uk9-kickstart.5.0.2.N1.1.bin    <= boot from the kickstart image
switch(boot)(config)# admin-password [new password]
switch(boot)# dir
Several files are listed, but the two below are the important ones
n5000-uk9.5.0.2.N1.1.bin               <= regular OS
n5000-uk9-kickstart.5.0.2.N1.1.bin 
switch(boot)# load n5000-uk9.5.0.2.N1.1.bin       <= boot the regular OS

login: admin
password: cisco


1. During boot, press Ctrl+C to enter ROMMON

2. 
rommon 1 > confreg
 Configuration Summary : 
 => load ROM after netboot fails
 => console baud: 9600
 => autoboot from: commands specified in 'BOOT' environment variable
 do you wish to change the configuration? y/n  [n]:  y
 enable  "diagnostic mode"? y/n  [n]:  n
 enable  "use net in IP bcast address"? y/n  [n]:  n
 disable "load ROM after netboot fails"? y/n  [n]:  n
 enable  "use all zero broadcast"? y/n  [n]:  n
 enable  "break/abort has effect"? y/n  [n]:  n
 enable  "ignore system config info"? y/n  [n]:  y
 change console baud rate? y/n  [n]:  n
 change the boot characteristics? y/n  [n]:  n
 Configuration Summary : 
 => load ROM after netboot fails
 => ignore system config info
 => console baud: 9600
 => autoboot from: commands specified in 'BOOT' environment variable
 do you wish to save this configuration? y/n  [n]:  y
reset

** When it will not boot with 0x2142 **
 confreg 0x2142
 
*** How to clear it when virtualization is configured ***
clear swnum
reset
boot
The device reboots.

After entering the above and rebooting, the switch comes up in an initialized state.

3. Restore the config = Switch#copy startup-config running-config  [skip unless you are restoring the config]
    Delete the config = Switch#write erase

4. switch(config)#config-register 0x2102 to set the confreg back to its original value

5. switch(config)#boot system flash bootflash:cat4500e-entservicesk9-mz.151-1.SG.bin
              specifies the boot file
6. wr mem

7. reload and confirm that it boots

8. sh version
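Both recovery procedures above leave the device in a state that must be reverted before it goes back into service: the packages.conf steps at the top of the page leave `Manual Boot = yes` and `Enable Break = yes` in `show boot`, and the Catalyst 4500 steps switch the config register to 0x2142, which makes IOS ignore the startup configuration. The following Python script is an added example, not part of the original post. It parses captured `show boot` and `show version` text and reports every leftover recovery setting. The sample outputs inside it are constructed from the values shown on this page; the `Configuration register is 0x...` line is the standard footer of IOS `show version`.

```python
"""Post-recovery sanity check for Cisco IOS / IOS-XE switches.

Added example, not part of the original post. A password-recovery procedure leaves the
bootloader in a state that bypasses or alters normal boot (manual boot, console break,
config-register 0x2142). This parses captured `show boot` and `show version` text and
reports every leftover recovery setting before the device goes back into service."""
import re

IGNORE_CONFIG_BIT = 0x0040   # config-register bit 6: ignore the startup configuration in NVRAM


def parse_show_boot(text):
    """Key/value pairs from `show boot` output, keys lower-cased: {'manual boot': 'yes', ...}."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)\s*=\s*(.*?)\s*;?\s*$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def parse_config_register(text):
    """The configuration register from `show version` output as an int, or None if absent."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)", text)
    return int(m.group(1), 16) if m else None


def recovery_findings(show_boot_text="", show_version_text=""):
    """Human-readable findings for every setting that should be reverted after recovery."""
    findings = []
    boot = parse_show_boot(show_boot_text)
    if boot.get("manual boot", "no").lower() == "yes":
        findings.append("Manual Boot = yes: run 'no boot manual' so the switch boots unattended")
    if boot.get("enable break", "no").lower() == "yes":
        findings.append("Enable Break = yes: a console break can interrupt boot; disable it unless required")
    reg = parse_config_register(show_version_text)
    if reg is not None and reg & IGNORE_CONFIG_BIT:
        findings.append(f"config-register 0x{reg:04x} ignores startup-config: set it back to 0x2102")
    return findings


# Constructed sample outputs, using the values shown in the recovery steps on this page.
SHOW_BOOT_AFTER_RECOVERY = """BOOT variable = flash:packages.conf;
Manual Boot = yes
Enable Break = yes
"""
SHOW_VERSION_AFTER_RECOVERY = "Configuration register is 0x2142\n"

if __name__ == "__main__":
    for finding in recovery_findings(SHOW_BOOT_AFTER_RECOVERY, SHOW_VERSION_AFTER_RECOVERY):
        print(finding)
```

Run it against the real console capture after step 13 (or after step 4 on the 4500): an empty result means the bootloader is back to unattended boot with the startup configuration honoured.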


1. During boot, press Ctrl+] or Ctrl+C       <= pressing it too rapidly may trigger a reboot
   Ctrl+L drops you to the loader> prompt
   loader> cmdline recoverymode=1
   loader> dir bootflash:   <= check the image
   loader> boot nxos.7.0.3.I2.4.bin     <= boot the image you found

2. switch(boot)# conf t
   switch(boot)(config)# admin-password < new password (8+ characters mixing upper case, lower case and digits, e.g. ASDqwe123) >
   switch(boot)(config)# exit
   switch(boot)# write erase           <= delete the existing config
   switch(boot)# reload

3. switch(boot)#dir bootflash:    <<< the file with the same name that is not the kickstart image

4. switch(boot)#load bootflash:/<image name>
            reboots automatically

5. continue with normal setup, skip - bypass password and basic configuration, no
     - continue with Power On Auto Provisioning] (yes/skip/no)[no]: yes

6. Do you want to enforce secure password standard (yes/no): no
  Enter the password for "admin": cisco
  Confirm the password for "admin": cisco

7. Would you like to enter the basic configuration dialog (yes/no): ctrl + c
login: admin
Password:cisco

           ---- Basic System Configuration Dialog ----
  This setup utility will guide you through the basic configuration of
  the system. Only minimal configuration including IP connectivity to
  the Fabric interconnect and its clustering mode is performed through these steps.

  Type Ctrl-C at any time to abort configuration and reboot system.
  To back track or make modifications to already entered values,
  complete input till end of section and answer no when prompted
  to apply configuration.
   
  Enter the configuration method. (console/gui) ? 
  Enter the configuration method. (console/gui) ? console
  Enter the management mode. (ucsm/intersight)? ucsm
  Enter the setup mode; setup newly or restore from backup. (setup/restore) ? setup

  You have chosen to setup a new Fabric interconnect in "ucsm" managed mode. Continue? (y/n): ^C
  Type 'reboot' to abort configuration and reboot system
  or hit enter to continue. (reboot/<CR>) ? cr

  You have chosen to setup a new Fabric interconnect in "ucsm" managed mode. Continue? (y/n): y
  Enforce strong password? (y/n) [y]: n

  Enter the password for "admin": 
  Confirm the password for "admin": 

  Is this Fabric interconnect part of a cluster(select 'no' for standalone)? (yes/no) [n]: 
  Enter the system name:  ^C
  Type 'reboot' to abort configuration and reboot system
  or hit enter to continue. (reboot/<CR>) ? reboot


SW1#show running-config
Building configuration...
Current configuration : 2057 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 12
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 13
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 70
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan12
mac-address 00e0.a364.8001
ip address 7.7.12.254 255.255.255.0
!
interface Vlan13
mac-address 00e0.a364.8002
ip address 7.7.13.254 255.255.255.0
!
interface Vlan70
mac-address 00e0.a364.8003
ip address 7.7.7.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.7.0 0.0.0.255 area 0
network 7.7.12.0 0.0.0.255 area 0
network 7.7.13.0 0.0.0.255 area 0
default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 7.7.7.254
!
ip flow-export version 9
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW2#show running-config
Building configuration...
Current configuration : 1990 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW2
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 12
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 24
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 23
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan12
mac-address 00d0.d33a.8301
ip address 7.7.12.1 255.255.255.0
!
interface Vlan23
mac-address 00d0.d33a.8302
ip address 7.7.23.1 255.255.255.0
!
interface Vlan24
mac-address 00d0.d33a.8303
ip address 7.7.24.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.12.0 0.0.0.255 area 0
network 7.7.24.0 0.0.0.255 area 0
network 7.7.23.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW3#show running-config
Building configuration...
Current configuration : 1990 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW3
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 13
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 35
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 23
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan13
mac-address 0060.2f0d.7c01
ip address 7.7.13.1 255.255.255.0
!
interface Vlan23
mac-address 0060.2f0d.7c02
ip address 7.7.23.2 255.255.255.0
!
interface Vlan35
mac-address 0060.2f0d.7c03
ip address 7.7.35.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.13.0 0.0.0.255 area 0
network 7.7.23.0 0.0.0.255 area 0
network 7.7.35.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW4#show running-config
Building configuration...
Current configuration : 1990 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW4
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 24
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 46
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 45
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan24
mac-address 0090.0c39.3c01
ip address 7.7.24.1 255.255.255.0
!
interface Vlan45
mac-address 0090.0c39.3c02
ip address 7.7.45.1 255.255.255.0
!
interface Vlan46
mac-address 0090.0c39.3c03
ip address 7.7.46.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.24.0 0.0.0.255 area 0
network 7.7.46.0 0.0.0.255 area 0
network 7.7.45.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW5#show running-config
Building configuration...
Current configuration : 1990 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW5
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 35
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 56
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 45
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan35
mac-address 000b.be12.9401
ip address 7.7.35.1 255.255.255.0
!
interface Vlan45
mac-address 000b.be12.9402
ip address 7.7.45.2 255.255.255.0
!
interface Vlan56
mac-address 000b.be12.9403
ip address 7.7.56.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.35.0 0.0.0.255 area 0
network 7.7.45.0 0.0.0.255 area 0
network 7.7.56.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
==================================================================================
SW6#show running-config
Building configuration...
Current configuration : 1988 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW6
!
no ip cef
ip routing
!
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
switchport access vlan 46
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 56
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 80
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan46
mac-address 0001.97cd.4801
ip address 7.7.46.1 255.255.255.0
!
interface Vlan56
mac-address 0001.97cd.4802
ip address 7.7.56.1 255.255.255.0
!
interface Vlan80
mac-address 0001.97cd.4803
ip address 7.7.8.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.46.0 0.0.0.255 area 0
network 7.7.56.0 0.0.0.255 area 0
network 7.7.8.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
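The six `show running-config` dumps above share one shape: access ports, SVIs with addresses, and a single OSPF process whose `network` statements should cover every SVI subnet. The Python script below is an added example, not the blog's own tooling. It parses that flat IOS syntax into top-level commands and sections, then reports the gaps a reviewer would flag in these dumps: an SVI subnet missing from OSPF, `no service password-encryption`, no `enable secret`, a vty line with `login` but no password, and Vlan1 left up. The embedded sample is a trimmed copy of the SW1 configuration from the page.

```python
"""Audit a Cisco IOS `show running-config` dump for the gaps a reviewer would flag in the
SW1..SW6 configurations above. Added example, not the blog's own tooling."""
import ipaddress
import re

SECTION_RE = re.compile(r"^(interface \S+|router \S+ \S+|line \S+ .*)$")


def parse_ios_config(text):
    """Split IOS config into top-level commands and named sections ('interface X', 'router ospf 1',
    'line vty 0 4'). Sub-commands may be indented or not; a '!' line or 'end' closes the section."""
    top_level, sections, current = [], {}, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("!") or line == "end":
            current = None
        elif SECTION_RE.match(line):
            current = line
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
        else:
            top_level.append(line)
    return top_level, sections


def svi_subnets(sections):
    """Map each 'interface VlanN' that carries an address to its IPv4 subnet."""
    result = {}
    for name, body in sections.items():
        for m in (re.match(r"ip address (\S+) (\S+)$", cmd) for cmd in body):
            if m and name.startswith("interface Vlan"):
                result[name] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}").network
    return result


def ospf_networks(sections):
    """OSPF 'network A WILDCARD area X' statements as (IPv4Network, area). Wildcards are inverted
    into netmasks (assumes contiguous wildcards, as in the configs above)."""
    nets = []
    for name, body in sections.items():
        if name.startswith("router ospf"):
            for m in (re.match(r"network (\S+) (\S+) area (\S+)$", cmd) for cmd in body):
                if m:
                    mask = ipaddress.IPv4Address(~int(ipaddress.IPv4Address(m.group(2))) & 0xFFFFFFFF)
                    nets.append((ipaddress.IPv4Network(f"{m.group(1)}/{mask}", strict=False), m.group(3)))
    return nets


def audit(text):
    """Return the findings (strings) for one switch configuration."""
    top, sections = parse_ios_config(text)
    host = next((t.split(None, 1)[1] for t in top if t.startswith("hostname ")), "?")
    findings = []
    if "no service password-encryption" in top:
        findings.append(f"{host}: service password-encryption is disabled")
    if not any(t.startswith("enable secret") for t in top):
        findings.append(f"{host}: no enable secret configured")
    nets = ospf_networks(sections)
    for svi, subnet in svi_subnets(sections).items():
        if not any(subnet.subnet_of(n) for n, _ in nets):
            findings.append(f"{host}: {svi} ({subnet}) is not covered by any OSPF network statement")
    for name, body in sections.items():
        if name.startswith("line vty") and "login" in body and not any(c.startswith("password") for c in body):
            findings.append(f"{host}: {name} has 'login' but no password, so remote logins are refused")
    if "shutdown" not in sections.get("interface Vlan1", []):
        findings.append(f"{host}: interface Vlan1 is not shut down")
    return findings


# Constructed sample: a trimmed copy of the SW1 configuration shown above.
SW1_CONFIG = """version 16.3.2
no service password-encryption
!
hostname SW1
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan12
 ip address 7.7.12.254 255.255.255.0
!
interface Vlan13
 ip address 7.7.13.254 255.255.255.0
!
interface Vlan70
 ip address 7.7.7.1 255.255.255.0
!
router ospf 1
 network 7.7.7.0 0.0.0.255 area 0
 network 7.7.12.0 0.0.0.255 area 0
 network 7.7.13.0 0.0.0.255 area 0
!
line vty 0 4
 login
!
end
"""

if __name__ == "__main__":
    for finding in audit(SW1_CONFIG):
        print(finding)
```

The OSPF coverage check is the interesting one for this lab: every SW1..SW6 dump advertises each of its three SVI subnets, so the script only reports the shared hardening gaps (plain-text passwords allowed, no enable secret, vty `login` without a password). Feed it the other five dumps to confirm the same result for each.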


Configuration for SRX

root# show |no-more 
system {
    root-authentication {
        encrypted-password "$ABC123"; ## SECRET-DATA
    }
    services {
        ssh;
        telnet;
        }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 100.1.1.2/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
           family inet {
                address 192.168.2.1/24;
            }
        }
    }
    
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 100.1.1.1;
    }
}

security {
    ike {
        proposal ike-phase1-proposal {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 86400;
        }
        policy ike-phase1-policy {
            mode main;
            proposals ike-phase1-proposal;
            pre-shared-key ascii-text "$ABC123"; ## SECRET-DATA
        }
        gateway gw-chicago {
            ike-policy ike-phase1-policy;
            address 100.1.1.1;
            external-interface ge-0/0/0.0;
        }
    }
    ipsec {
        proposal ipsec-phase2-proposal {
            protocol esp;
            authentication-algorithm hmac-md5-96;
            encryption-algorithm des-cbc;
            lifetime-seconds 28800;
        }
        policy ipsec-phase2-policy {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals ipsec-phase2-proposal;
        }
        vpn ike-vpn-chicago {
            ike {
                gateway gw-chicago;
                ipsec-policy ipsec-phase2-policy;
            }
            establish-tunnels immediately;
        }
        
    }
    policies {
        from-zone trust to-zone untrust {
           policy vpn-tr-untr {
                match {
                    source-address sunnyvale;
                    destination-address chicago;
                    application any;
                }
                then {
                    permit {
                        tunnel {
                            ipsec-vpn ike-vpn-chicago;
                        }
                    }
                }
            }
            
        }
        from-zone untrust to-zone trust {
            policy vpn-untr-tr {
                match {
                    source-address chicago;
                    destination-address sunnyvale;
                    application any;
                }
                then {
                    permit {
                        tunnel {
                            ipsec-vpn ike-vpn-chicago;
                        }
                    }
                }
            }
            
        }
    }
    zones {
        security-zone trust {
            address-book {
                address sunnyvale 192.168.2.0/24;
               
           }
            host-inbound-traffic {
                system-services {
                    all;
                }
            }
            interfaces {
                ge-0/0/1.0;
            }
        }
        security-zone untrust {
            address-book {
                address chicago 192.168.1.0/24;
            }
            host-inbound-traffic {
                system-services {
                    ike;
                }
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
    }

}

VPN Configuration for Cisco ASA

(Only VPN related config included)
Interface Configuration: 
------------------------------------------------------------------------------------------------------------------

!
interface GigabitEthernet0
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 

!
interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 100.1.1.1 255.255.255.0 
!

Policy Configuration :
------------------------------------------------------------------------------------------------------------------
access-list s2s extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 

IPSEC/IKE Configuration :
-----------------------------------------------------------------------------------------------------------------
crypto ipsec ikev1 transform-set CISCO esp-des esp-md5-hmac 
crypto map outside_map 20 match address s2s
crypto map outside_map 20 set pfs 
crypto map outside_map 20 set peer 100.1.1.2 
crypto map outside_map 20 set ikev1 transform-set CISCO
crypto map outside_map 20 set security-association lifetime seconds 28800
crypto map outside_map interface outside
crypto isakmp identity address 
no crypto isakmp nat-traversal
crypto ikev1 enable outside
crypto ikev1 policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400

tunnel-group 100.1.1.2 type ipsec-l2l
tunnel-group 100.1.1.2 ipsec-attributes
ikev1 pre-shared-key *****
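The SRX and ASA configurations above only bring the tunnel up if every phase-1 and phase-2 parameter agrees, and as written both sides rely on legacy primitives (3DES, SHA-1 and DH group 2 for IKE; DES and MD5 for ESP). The Python script below is an added example, not the page's or either vendor's tooling. It parses the Junos brace syntax and the ASA flat syntax into one vocabulary, reports any per-parameter mismatch, and flags the weak primitives. Two assumptions: a bare `set pfs` on the ASA is treated as group 2, and a single `crypto ikev1 policy` is expected. The embedded snippets are trimmed copies of the two configs on this page.

```python
"""Compare SRX (Junos) and ASA IKE/IPsec proposals and flag legacy primitives. Added example."""

# Vendor spellings mapped onto one vocabulary so the two sides can be compared.
ALIASES = {"3des-cbc": "3des", "des-cbc": "des", "esp-des": "des", "esp-3des": "3des", "sha": "sha1",
           "hmac-md5-96": "md5", "esp-md5-hmac": "md5", "hmac-sha1-96": "sha1", "esp-sha-hmac": "sha1",
           "pre-shared-keys": "psk", "pre-share": "psk"}
WEAK = {"des", "3des", "md5", "sha1", "group1", "group2"}   # legacy primitives worth reporting


def norm(token):
    """Normalise an algorithm/group name; 'group 2' and 'group2' become the same token."""
    t = token.lower().replace("group ", "group")
    return ALIASES.get(t, t)


def parse_junos(text):
    """Parse Junos brace syntax into nested dicts: 'x y {' -> key 'x y'; 'k v;' -> {k: v}."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("##", 1)[0].strip()          # drop '## SECRET-DATA' annotations
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line.endswith(";"):
            k, _, v = line[:-1].partition(" ")
            stack[-1][k] = v.strip() or True
    return stack[0]


def srx_proposals(cfg):
    """Phase-1/phase-2 parameters from a parsed config (first ike proposal, ipsec proposal and policy)."""
    sec = cfg["security"]
    ike, ipsec, pol = (next(v for k, v in sec[b].items() if k.startswith(p))
                       for b, p in (("ike", "proposal "), ("ipsec", "proposal "), ("ipsec", "policy ")))
    return {"p1": {"authentication": norm(ike["authentication-method"]), "group": norm(ike["dh-group"]),
                   "hash": norm(ike["authentication-algorithm"]),
                   "encryption": norm(ike["encryption-algorithm"]), "lifetime": ike["lifetime-seconds"]},
            "p2": {"encryption": norm(ipsec["encryption-algorithm"]),
                   "hash": norm(ipsec["authentication-algorithm"]), "lifetime": ipsec["lifetime-seconds"],
                   "pfs": norm(pol.get("perfect-forward-secrecy", {}).get("keys", "none"))}}


def asa_proposals(text):
    """Phase-1 from the ikev1 policy attribute lines (assumes one policy), phase-2 from transform-set
    and crypto map lines."""
    p1, p2 = {}, {"pfs": "none"}
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        word, _, rest = line.partition(" ")
        if word in ("authentication", "encryption", "hash", "group", "lifetime"):   # policy attributes
            p1[word] = norm(line if word == "group" else rest)
        elif line.startswith("crypto ipsec ikev1 transform-set "):
            p2["encryption"], p2["hash"] = (norm(t) for t in line.split()[-2:])
        elif " set security-association lifetime seconds " in line:
            p2["lifetime"] = line.split()[-1]
        elif " set pfs" in line:
            p2["pfs"] = norm(line.split(" set pfs", 1)[1].strip() or "group2")  # assumption: bare 'set pfs' = group2
    return {"p1": p1, "p2": p2}


def compare(srx, asa):
    """Per-parameter mismatches plus weak primitives on either side, as readable findings."""
    findings = []
    for phase in ("p1", "p2"):
        for key in sorted(set(srx[phase]) | set(asa[phase])):
            a, b = srx[phase].get(key), asa[phase].get(key)
            if a != b:
                findings.append(f"{phase} {key}: SRX={a} ASA={b} (mismatch)")
            findings += [f"{phase} {key}: {s} uses weak {v}" for s, v in (("SRX", a), ("ASA", b)) if v in WEAK]
    return findings


# Constructed sample inputs: trimmed copies of the two configurations shown on this page.
SRX_SNIPPET = """security {
    ike {
        proposal ike-phase1-proposal {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 86400;
        }
    }
    ipsec {
        proposal ipsec-phase2-proposal {
            authentication-algorithm hmac-md5-96;
            encryption-algorithm des-cbc;
            lifetime-seconds 28800;
        }
        policy ipsec-phase2-policy {
            perfect-forward-secrecy {
                keys group2;
            }
        }
    }
}
"""
ASA_SNIPPET = """crypto ipsec ikev1 transform-set CISCO esp-des esp-md5-hmac
crypto map outside_map 20 set pfs
crypto map outside_map 20 set security-association lifetime seconds 28800
crypto ikev1 policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
"""
```

For the two configs on this page `compare(...)` reports no mismatch and twelve weak-primitive findings (one per side for 3DES, SHA-1 and group 2 in phase 1, and for DES, MD5 and group 2 in phase 2). Changing one side alone, for example `encryption aes-256` on the ASA, produces a phase-1 mismatch, which is exactly the condition that keeps `show security ike sa` from ever reaching UP.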


Verification of VPN connection
SRX:

root> show security ike sa                        
Index   State  Initiator cookie  Responder cookie  Mode           Remote Address   
778322  UP     8858011cc0881359  e5ecd6302f0306b0  Main           100.1.1.1       

root> show security ipsec sa  
  Total active tunnels: 1
  ID    Algorithm       SPI      Life:sec/kb  Mon vsys Port  Gateway   
  <131073 ESP:des/ md5  fb0a0946 28765/unlim   -   root 500   100.1.1.1       
  >131073 ESP:des/ md5  11f6197b 28765/unlim   -   root 500   100.1.1.1       

root> show security ipsec sa detail                            
  ID: 131073 Virtual-system: root, VPN Name: ike-vpn-chicago
  Local Gateway: 100.1.1.2, Remote Gateway: 100.1.1.1
  Local Identity: ipv4_subnet(any:0,[0..7]=192.168.2.0/24)
  Remote Identity: ipv4_subnet(any:0,[0..7]=192.168.1.0/24)
  Version: IKEv1
    DF-bit: clear
    Policy Name:vpn-tr-untr

    Direction: inbound, SPI: 22abf60, AUX-SPI: 0
                              , VPN Monitoring: -
    Hard lifetime: Expires in 28571 seconds
    Lifesize Remaining:  4607999 kilobytes
    Soft lifetime: Expires in 27982 seconds
    Mode: Tunnel, Type: dynamic, State: installed
    Protocol: ESP, Authentication: hmac-md5-96, Encryption: des-cbc
    Anti-replay service: counter-based enabled, Replay window size: 64

    Direction: outbound, SPI: ccb96ffb, AUX-SPI: 0
                              , VPN Monitoring: -
    Hard lifetime: Expires in 28571 seconds
    Lifesize Remaining:  4607999 kilobytes
    Soft lifetime: Expires in 27982 seconds
    Mode: Tunnel(0 0), Type: dynamic, State: installed
    Protocol: ESP, Authentication: hmac-md5-96, Encryption: des-cbc
    Anti-replay service: counter-based enabled, Replay window size: 64

root> show security ipsec statistics | no-more    
ESP Statistics:
  Encrypted bytes:          1842192
  Decrypted bytes:          1210704
  Encrypted packets:          12144
  Decrypted packets:          12144
AH Statistics:
  Input bytes:                    0
  Output bytes:                   0
  Input packets:                  0
  Output packets:                 0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0

 
