An engineer is troubleshooting IPsec VPN and wants to show each phase2 SA build as well as the amount of traffic sent.
Which command accomplishes that goal?
A. show crypto esp sa
B. show crypto isakmp sa
C. show crypto engine connection active
D. show crypto ipsec sa
@Cioby
D is correct
Answer: C
Explanation: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#crypto_engine
show crypto engine connection active
This command shows each phase 2 SA built and the amount of traffic sent. Since phase 2 (security associations) SAs are unidirectional, each SA shows traffic in only one direction (encryptions are outbound, decryptions are inbound).