Timothy_Hall
Legend

S2S VPN State & Statistics per tunnel/peer?

Does anyone know a way to pull current statistics from a particular Site to Site VPN tunnel for troubleshooting purposes?  What I'm looking for is the equivalent of the Cisco show vpn-sessiondb command like this:

cisco0.png

This command is useful for seeing if Tx/Rx counters are incrementing to confirm two-way communication for a VPN, and verify current rekey/lifetime timers.  Usually I would just run a packet capture and look for the presence of IKE/IPSEC traffic but there has to be a better way.  What I've tried:

1) cpstat -f all vpn - Dumps very detailed VPN statistics but they are global and no apparent way to focus on a particular tunnel.

2) vpn tu - Just shows SA states with no statistics

3) SmartView Monitor - Tunnels...Monitor Traffic of this tunnel.  Shows the live tunnel state and also allows graphing of top sources/destinations/connections including statistics but no apparent way to do it for all traffic in the tunnel.  I'd imagine this raw data can be acquired by the rtm driver via the rtm monitor command on the gateway, but there is practically no documentation for how to use it.

4) I suppose Accounting could be set on the rule matching traffic to/from the tunnel, but those stats would only be updated every 10 minutes.

Any other suggestions?

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com