Solved: Cisco ASA clear vpn-sessiondb statistics

johnlloyd_13 · ‎01-31-2018

hi,

i'm trying to clear counters for VPN sessions using the clear vpn-sessiondb statistics all.

but i can still see high number count and not back down to 0.

is this a bug or am i using the wrong clear command?

#clear vpn-sessiondb statistics all
INFO: Number of sessions cleared : 13

# show vpn-sessiondb summary
---------------------------------------------------------------------------
VPN Session Summary
---------------------------------------------------------------------------
                               Active : Cumulative : Peak Concur : Inactive
                             ----------------------------------------------
AnyConnect Client            :      0 :        333 :           1 :        0
SSL/TLS/DTLS               :      0 :        333 :           1 :        0
IKEv1 IPsec/L2TP IPsec       :      4 :       1813 :           8
Site-to-Site VPN             :      9 :      18640 :          15
IKEv1 IPsec                :      9 :      18640 :          15
---------------------------------------------------------------------------
Total Active and Inactive    :     13             Total Cumulative : 20786
Device Total VPN Capacity    :    250
Device Load                  :     5%
---------------------------------------------------------------------------

UKITMN · ‎05-21-2018

I found the only way to clear the vpn-sessiondb stats was with the command :

clear vpn-sessiondb statistics global

Hope that helps.

View solution in original post

UKITMN · ‎05-21-2018

I found the only way to clear the vpn-sessiondb stats was with the command :

clear vpn-sessiondb statistics global

Hope that helps.

johnlloyd_13 · ‎04-03-2020

funny i'm in the same situation again and found my original post.

i concur this is right command to clear VPN historical stats.

ciscoasa# clear vpn-sessiondb statistics global
INFO: Global session data cleared

ciscoasa# sh vpn-sessiondb summary

No sessions to display.

Statistics have been cleared 1 time(s) since reboot

AlexPi · ‎05-21-2018

Hello John,

Haven't done that for years, but have you tried: clear resource usage resource VPN other ?

You will need to run this under Configuration mode

Hope that helps.

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------

Florin Barhala · ‎05-21-2018

How did you come over this command? Interesting one.

AlexPi · ‎05-21-2018

Hey @Florin Barhala,

I remember using it a while ago, but I am not sure if it will work for clearing the vpn-sessiondb.

I tested now to one of my lab firewalls: show resource usage resource VPN other I get no statistics in return, so I think the command: clear resource usage resource VPN other would have cleared those statistics. Note that according to Cisco other includes "Other VPN sessions which include Site-to-Site, IKEv1 RA and L2tp Sessions. These are guaranteed for a context and shouldn't exceed the system capacity when combined across all contexts."

So to clear the statistics from the vpn-sessiondb, I think what @UKITMN said is the correct answer.

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------