Troubleshooting With Ikesnoop; Setting Up An Ldap Server - D-Link DFL-260E User Manual

9.4.5. Troubleshooting with ikesnoop

Example 9.9. Setting up an LDAP server
This example shows how to manually setup and specify an LDAP server.
Command-Line Interface
gw-world:/> add LDAPServer
Web Interface
1. Go to: Objects > VPN Objects > LDAP > Add > LDAP Server
2. Now enter:
• IP Address: 192.168.101.146
• Username: myusername
• Password: mypassword
• Confirm Password: mypassword
• Port: 389
3. Click OK
9.4.5. Troubleshooting with ikesnoop
VPN Tunnel Negotiation
When setting up IPsec tunnels, problems can arise because the initial negotiation fails when the
devices at either end of a VPN tunnel try but fail to agree on which protocols and encryption
methods will be used. The ikesnoop console command with the verbose option is a tool that can be
used to identify the source of such problems by showing the details of this negotiation.
Using ikesnoop
The ikesnoop command can be entered via a CLI console or directly via the RS232 Console.
To begin monitoring the full command is:
gw-world:/> ikesnoop -on -verbose
This means that ikesnoop output will be sent to the console for every VPN tunnel IKE negotiation.
The output can be overwhelming so to limit the output to a single IP address, for example the IP
address 10.1.1.10, the command would be:
gw-world:/> ikesnoop -on 10.1.1.10 -verbose
the IPv4 address used is the IP address of the VPN tunnel's remote endpoint (either the IP of the
remote endpoint or the client IP). To turn off monitoring, the command is:
gw-world:/> ikesnoop -off
Host=192.168.101.146
Username=myusername
Password=mypassword
Port=389
446
Chapter 9. VPN