topic Command to check IPSEC tunnel on ASA 5520 in Network Security

Command to check IPSEC tunnel on ASA 5520

mahesh18 — Tue, 12 Mar 2019 00:44:30 GMT

Hi Everyone,

Need to check how many tunnels IPSEC are running over ASA 5520.

Tried commands which we use on Routers no luck

Thanks

Mahesh

Re: Command to check IPSEC tunnel on ASA 5520

Jouni Forss — Tue, 08 Jan 2013 15:57:45 GMT

Hi,

Please try to use the following commands.

show vpn-sessiondb l2l
show vpn-sessiondb ra-ikev1-ipsec
show vpn-sessiondb summary
show vpn-sessiondb license-summary
and try other forms of the connection with "show vpn-sessiondb ?"

Some of the command formats depend on your ASA software level

Hopefully the above information was helpfull

- Jouni

Command to check IPSEC tunnel on ASA 5520

mahesh18 — Tue, 08 Jan 2013 16:11:20 GMT

Hi,

Thanks for reply.

i did

sh vpn-sessiondb l2l

Session Type: LAN-to-LAN

Connection   : 10.x.x.x.
Index        : 3                      IP Addr      : 10..x.x.x
Protocol     : IKE IPsec
Encryption   : AES256                 Hashing      : SHA1
Bytes Tx     : 3902114912             Bytes Rx     : 4164563005
Login Time   : 21:10:24 UTC Sun Dec 16 2012
Duration     : 22d 18h:55m:43s

what does this show

Here IP address 10.x is of this ASA or remote site?

Duration shows how long tunnel is up?

What does login time shows?

Thanks

MAhesh

Command to check IPSEC tunnel on ASA 5520

Jouni Forss — Tue, 08 Jan 2013 16:14:39 GMT

Hi,

The field with "Connection: x.x.x.x" lists the remote VPN device IP address

The field with "Login Time" lists the time/date when the L2L VPN was formed

The field with "Duration" shows how long the L2L VPN has been up

Rest of the fields give information on the encryption, data transfered etc

- Jouni

Command to check IPSEC tunnel on ASA 5520

mahesh18 — Tue, 08 Jan 2013 16:19:10 GMT

Hi Jouni,

So we can say currently it has only 1 Active IPSEC VPN right?

when i do

show vpn-sessiondb summary

Active Session Summary

Sessions:
                                            Active : Cumulative : Peak Concurrent : Inactive
IPsec LAN-to-LAN      :       1 :          3 :               2
Totals                           :       1 :          3

Need to understand what does cumulative and peak mean here?

Thanks

Mahesh

Re: Command to check IPSEC tunnel on ASA 5520

Jouni Forss — Tue, 08 Jan 2013 16:22:45 GMT

Hi,

Peak: Tells how many VPNs have been up at the most at the same time
Cumulative: Counts the total amount of connections that have been up on the device
- You can for example have only one L2L VPN configured and when it comes up, goes down and comes up again it will already give the Cumulative value of 2.
- In other words it means how many times a VPN connection has been formed (even if you have configured only one) on the ASA since the last reboot or since the last reset of these statistics

In your case the above output would mean that L2L VPN type connection has been formed 3 times since the last reboot or clearing of these statistics. All the formings could be from this same L2L VPN connection.

EDIT: And yes, there is only 1 Active VPN connection when you issued that command on your firewall.

- Jouni

Command to check IPSEC tunnel on ASA 5520

mahesh18 — Tue, 08 Jan 2013 16:56:24 GMT

Hi Jouni,

Many thanks for answering all my questions.

Regards

Mahesh