You can use a few commands to verify and troubleshoot your IPSec tunnel configuration:
show crypto ipsec sa ” Displays all IPSec SAs. The output displays the interface that the crypto map is applied to and the traffic flow between the source IP address, destination IP address, protocol, and port that are protected.
show crypto ipsec security-association lifetime ” Displays the IPSec SA lifetime that was configured in crypto map configuration mode.
show crypto ipsec transform-set ” Displays the IPSec transform sets you configured.
show crypto map ” Displays the crypto map parameters you configured along with the interfaces that the crypto map is applied to. Figure 9.12 displays an example of this command's output.