I am looking for statistics of ipsec policies. Manual http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Policy_Stats speaks about in-* out-* packet couters, but I se only “ph2-state” like this (tested on v5.17, v6.7 and v6.12 where is IPSec in use):
[user@router] > /ip ipsec policy print stats
0 ph2-state=established
At least here http://forum.mikrotik.com/t/get-all-current-connections-via-api-not-just-2050/71236/1 looks like it was working on v2.9.26. Work it to someone on actual versions of RouterOS ? Similar the man page speak about “dump-kernel-policies”, but not working too.
In addition on v6.12 i see:
[root@RB1100AHx2] > /ip ipsec policy print stats
0 ph2-state=no-phase2
1 ph2-state=no-phase2
2 ph2-state=no-phase2
3 ph2-state=no-phase2
4 ph2-state=no-phase2
5 ph2-state=no-phase2
but SA are up and communication is working (and encrypted) - confusing. Peer is only one - Cisco ASA. All policies belong to them (more IP ranges for tunneling) with
level=unique ipsec-protocols=esp tunnel=yes
Any idea whats wrong ?