D-Link DFL-260E User Manual for DFL-260E - Page 446
Chapter 9. VPN

Example 9.9. Setting up an LDAP server

This example shows how to manually set up and specify an LDAP server.

Command-Line Interface

gw-world:/> add LDAPServer Host=192.168.101.146 Username=myusername Password=mypassword Port=389

Web Interface

1. Go to: Objects > VPN Objects > LDAP > Add > LDAP Server
2. Now enter:
   • IP Address: 192.168.101.146
   • Username: myusername
   • Password: mypassword
   • Confirm Password: mypassword
   • Port: 389
3. Click OK

9.4.5. Troubleshooting with ikesnoop

VPN Tunnel Negotiation

When setting up IPsec tunnels, problems can arise because the initial negotiation fails: the devices at either end of a VPN tunnel try but fail to agree on which protocols and encryption methods will be used. The ikesnoop console command with the verbose option is a tool that can be used to identify the source of such problems by showing the details of this negotiation.

Using ikesnoop

The ikesnoop command can be entered via a CLI console or directly via the RS232 Console. To begin monitoring, the full command is:

gw-world:/> ikesnoop -on -verbose

This means that ikesnoop output will be sent to the console for every VPN tunnel IKE negotiation. The output can be overwhelming, so to limit the output to a single IP address, for example the IP address 10.1.1.10, the command would be:

gw-world:/> ikesnoop -on 10.1.1.10 -verbose

The IPv4 address used is the IP address of the VPN tunnel's remote endpoint (either the IP of the remote endpoint or the client IP). To turn off monitoring, the command is:

gw-world:/> ikesnoop -off
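The negotiation failure described above can be modelled offline once the proposal lists of both ends are known. The following is an added example, not taken from the D-Link manual and not ikesnoop output: it assumes a simplified IKE phase 1 model in which a transform is agreed only when encryption, hash, DH group and authentication method all match, and the Transform type, function names and sample proposal lists are constructed for illustration.

```python
from typing import List, NamedTuple, Optional, Tuple


class Transform(NamedTuple):
    """One phase 1 transform; all four fields must match for agreement."""
    encryption: str
    hash_alg: str
    dh_group: int
    auth: str


def negotiate(initiator: List[Transform],
              responder: List[Transform]) -> Optional[Transform]:
    """Return the first initiator transform the responder accepts, else None."""
    accepted = set(responder)
    for offered in initiator:
        if offered in accepted:
            return offered
    return None


def explain_failure(initiator: List[Transform], responder: List[Transform]
                    ) -> List[Tuple[Transform, Transform, List[str]]]:
    """For each offered transform, find the closest responder transform
    (fewest differing fields) and name the fields that differ."""
    if not responder:
        return []
    report = []
    for offered in initiator:
        closest = min(responder,
                      key=lambda r: sum(a != b for a, b in zip(offered, r)))
        diffs = [name for name, a, b
                 in zip(Transform._fields, offered, closest) if a != b]
        report.append((offered, closest, diffs))
    return report


# Constructed sample proposal lists (hypothetical values for both tunnel ends).
LOCAL = [Transform("aes-256", "sha256", 14, "psk"),
         Transform("aes-128", "sha1", 5, "psk")]
REMOTE = [Transform("aes-256", "sha256", 2, "psk"),
          Transform("3des", "sha1", 2, "psk")]

if __name__ == "__main__":
    if negotiate(LOCAL, REMOTE) is None:
        for offered, closest, diffs in explain_failure(LOCAL, REMOTE):
            print(f"{offered} vs {closest}: mismatch in {', '.join(diffs)}")
```

A report naming a single field, such as dh_group alone, points at the one setting to align on either end of the tunnel.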