Setup guide
ip ipsec counters
Property Description
out-accept (read-only: integer) - shows how many outgoing packets were matched by accept policy (including the default "accept all" case)
out-accept-isakmp (read-only: integer) - shows how many locally originated UDP packets on source port 500 (which is how ISAKMP packets look) were let through without policy matching
out-drop (read-only: integer) - shows how many outgoing packets were matched by drop policy (or encrypt policy with level=require that does not have all necessary SAs)
out-encrypt (read-only: integer) - shows how many outgoing packets were encrypted successfully
in-accept (read-only: integer) - shows how many incoming packets were matched by accept policy
in-accept-isakmp (read-only: integer) - shows how many incoming UDP packets on port 500 were let through without matching a policy
in-drop (read-only: integer) - shows how many incoming packets were matched by drop policy (or encrypt policy with level=require that does not have all necessary SAs)
in-decrypted (read-only: integer) - shows how many incoming packets were successfully decrypted
in-drop-encrypted-expected (read-only: integer) - shows how many incoming packets were matched by encrypt policy and dropped because they were not encrypted
Example
To view current statistics:
[admin@WiFi] ip ipsec> counters print
out-accept: 6
out-accept-isakmp: 0
out-drop: 0
out-encrypt: 7
in-accept: 12
in-accept-isakmp: 0
in-drop: 0
in-decrypted: 7
in-drop-encrypted-expected: 0
[admin@WiFi] ip ipsec>
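The following Python sketch is an added example, not part of the original guide. It parses two saved "counters print" outputs and reports which drop counters grew between them, using the meanings from the property table above. The AFTER snapshot is constructed, and treating a lower value as a counter reset is an assumption.

```python
import re

# BEFORE repeats the example output above; AFTER is a constructed later snapshot.
BEFORE = """\
out-accept: 6
out-accept-isakmp: 0
out-drop: 0
out-encrypt: 7
in-accept: 12
in-accept-isakmp: 0
in-drop: 0
in-decrypted: 7
in-drop-encrypted-expected: 0
"""
AFTER = """\
[admin@WiFi] ip ipsec> counters print
out-accept: 9
out-accept-isakmp: 2
out-drop: 0
out-encrypt: 20
in-accept: 15
in-accept-isakmp: 2
in-drop: 3
in-decrypted: 18
in-drop-encrypted-expected: 5
"""

# Counters worth alerting on, with the meaning given in the property table.
WATCH = {
    "out-drop": "outgoing packets hit a drop policy, or level=require without all SAs",
    "in-drop": "incoming packets hit a drop policy, or level=require without all SAs",
    "in-drop-encrypted-expected": "cleartext arrived where an encrypt policy applies",
}
LINE = re.compile(r"^\s*([a-z][a-z-]*):\s*(\d+)\s*$")

def parse_counters(text):
    """Return {name: value} from 'counters print' output; prompt lines are skipped."""
    return {m.group(1): int(m.group(2)) for m in map(LINE.match, text.splitlines()) if m}

def findings(before, after):
    """List (counter, increase, meaning) for watched counters that grew."""
    old, new = parse_counters(before), parse_counters(after)
    result = []
    for name, meaning in WATCH.items():
        cur, prev = new.get(name, 0), old.get(name, 0)
        delta = cur - prev if cur >= prev else cur  # lower value: assume a reset
        if delta > 0:
            result.append((name, delta, meaning))
    return result
```

A growing in-drop-encrypted-expected value is the one to look at first, since it means a host is sending unencrypted traffic that the local policy requires to be protected.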
General Information
Wandy Router to Wandy Router
• transport mode example using ESP with automatic keying
• for Router1
[admin@Router1] > ip ipsec policy add sa-src=1.0.0.1 sa-dst=1.0.0.2 \
\... action=encrypt
[admin@Router1] > ip ipsec peer add address=1.0.0.2 \
\... secret="gvejimezyfopmekun"
• for Router2
[admin@Router2] > ip ipsec policy add sa-src=1.0.0.2 sa-dst=1.0.0.1 \
\... action=encrypt
[admin@Router2] > ip ipsec peer add address=1.0.0.1 \
\... secret="gvejimezyfopmekun"