D-Link NetDefend SOHO DFL-160 User Manual page 113

Ikesnoop
The Dropped counter in the software section states the number of packets discarded as the result of
structural integrity tests or rule set drops. The IP Input Errs counter in the software section specifies
the number of packets discarded due to checksum errors or IP headers broken beyond recognition.
The latter is most likely the result of local network problems rather than remote attacks.
Ikesnoop
Ikesnoop is used to diagnose problems with IPsec tunnels.
Syntax: ikesnoop
Display current ikesnoop status.
Syntax: ikesnoop -off
Turn IKE snooping off.
Syntax: ikesnoop -on [ipaddr]
Turn IKE snooping on, if an IP is specified then only IKE traffic from that IP will be shown.
Syntax: ikesnoop -verbose [ipaddr]
Enable verbose output, if an IP is specified then only IKE traffic from that IP will be shown.
IPsecstats
Display connected IPsec VPN gateways and remote clients.
Syntax: ipsecstats <options>
Options:
-u - Append SA usage.
-num <connection-number> - Show this connection number.
Example:
DFL-160:/> ipsecstats
--- IPsec SAs:
Displaying one line per SA-bundle
VPN Tunnel Local net
---------- ---------------
vpn-home
IPsectunnels
Display configured IPsec VPN connections.
Syntax: ipsectunnels
Example:
DFL-160:/> ipsectunnel
No Name
-- ---------
1 vpn-home
192.168.123.0/24 192.168.1.2/32 192.168.1.2/32
Local Net
----------------
192.168.123.0/24
Remote net Remote GW
------------- --------------
Remote Net
------------
0.0.0.0
113
Appendix A. CLI Reference
Remote GW
-----------
0.0.0.0/0