Command to check IPSEC tunnel on ASA 5520

mahesh18
Level 6

Hi Everyone,

Need to check how many IPSEC tunnels are running over ASA 5520.

Tried the commands we use on routers, no luck.

Thanks

Mahesh


6 Replies

Jouni Forss
VIP Alumni

Hi,

Please try to use the following commands.

  • show vpn-sessiondb l2l
  • show vpn-sessiondb ra-ikev1-ipsec
  • show vpn-sessiondb summary
  • show vpn-sessiondb license-summary
  • and try other forms of the connection with "show vpn-sessiondb ?"

Some of the command formats depend on your ASA software level.

Hopefully the above information was helpful.

- Jouni

Hi,

Thanks for the reply.

I did

sh vpn-sessiondb    l2l

Session Type: LAN-to-LAN

Connection   : 10.x.x.x.
Index        : 3                      IP Addr      : 10..x.x.x
Protocol     : IKE IPsec
Encryption   : AES256                 Hashing      : SHA1
Bytes Tx     : 3902114912             Bytes Rx     : 4164563005
Login Time   : 21:10:24 UTC Sun Dec 16 2012
Duration     : 22d 18h:55m:43s

What does this show?

Here, is the IP address 10.x this ASA's or the remote site's?

Does Duration show how long the tunnel has been up?

What does Login Time show?

Thanks

Mahesh

Hi,

The field with "Connection: x.x.x.x" lists the remote VPN device IP address.

The field with "Login Time" lists the time/date when the L2L VPN was formed.

The field with "Duration" shows how long the L2L VPN has been up.

The rest of the fields give information on the encryption, data transferred, etc.

- Jouni

Hi Jouni,

So we can say it currently has only 1 active IPSEC VPN, right?

When I do

show vpn-sessiondb  summary

Active Session Summary

Sessions:
                                            Active : Cumulative : Peak Concurrent : Inactive
  IPsec LAN-to-LAN      :       1 :          3 :               2
  Totals                           :       1 :          3

Need to understand what Cumulative and Peak mean here.

Thanks

Mahesh

Hi,

  • Peak: Tells how many VPNs have been up at the same time at the most.
  • Cumulative: Counts the total number of connections that have been up on the device.
    • You can, for example, have only one L2L VPN configured, and when it comes up, goes down and comes up again, it will already give a Cumulative value of 2.
    • In other words, it means how many times a VPN connection has been formed (even if you have configured only one) on the ASA since the last reboot or since the last reset of these statistics.

In your case the above output would mean that an L2L VPN type connection has been formed 3 times since the last reboot or clearing of these statistics. All of them could be from this same L2L VPN connection.

EDIT: And yes, there is only 1 Active VPN connection when you issued that command on your firewall.

- Jouni
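An added example, not from this thread or from Cisco, that turns the two listings discussed above into figures a monitoring script can act on: it parses constructed samples modelled on the `sh vpn-sessiondb l2l` and `show vpn-sessiondb summary` output into the Active/Cumulative/Peak counters and per-peer uptime, checks that the session listing agrees with the Active counter, and flags tunnels still using SHA1 or MD5 hashing. The peer address 192.0.2.10 and all function names are assumptions.

```python
import re
# Constructed sample output modelled on the thread's listings; 192.0.2.10 is a documentation placeholder.
L2L_OUTPUT = """\
Session Type: LAN-to-LAN
Connection   : 192.0.2.10
Encryption   : AES256                 Hashing      : SHA1
Login Time   : 21:10:24 UTC Sun Dec 16 2012
Duration     : 22d 18h:55m:43s
"""
SUMMARY_OUTPUT = """\
Sessions:
                                            Active : Cumulative : Peak Concurrent : Inactive
  IPsec LAN-to-LAN      :       1 :          3 :               2
"""

def duration_seconds(text: str) -> int:
    """'22d 18h:55m:43s' -> total seconds; the day part is optional."""
    d, h, m, s = re.fullmatch(r"(?:(\d+)d )?(\d+)h:(\d+)m:(\d+)s", text.strip()).groups()
    return int(d or 0) * 86400 + int(h) * 3600 + int(m) * 60 + int(s)

def parse_l2l(output: str) -> list[dict[str, str]]:
    """One dict per session; 'Connection' opens a record, and two fields may share one line."""
    sessions: list[dict[str, str]] = []
    for line in output.splitlines():
        for part in re.split(r"\s{2,}(?=[A-Za-z])", line.strip()):   # split before the 2nd field name
            if ":" not in part:
                continue
            key, value = (x.strip() for x in part.split(":", 1))
            if key == "Connection":
                sessions.append({})
            if sessions:                  # drops the 'Session Type' banner before the first record
                sessions[-1][key] = value
    return sessions

def parse_summary(output: str) -> dict[str, dict[str, int]]:
    """'Sessions:' table -> {row: {column: value}}; columns the ASA leaves blank stay absent."""
    columns, table = [], {}
    for line in output.splitlines():
        cells = [c.strip() for c in line.split(":")]
        if cells[0] == "Active":          # header row names the columns
            columns = cells
        elif columns and len(cells) > 1 and cells[1].isdigit():
            table[cells[0]] = {col: int(v) for col, v in zip(columns, cells[1:])}
    return table

def tunnel_report(l2l: str, summary: str) -> dict:   # figures asked in the thread plus two monitor checks
    sessions, c = parse_l2l(l2l), parse_summary(summary).get("IPsec LAN-to-LAN", {})
    return {"active": c.get("Active"), "cumulative": c.get("Cumulative"), "peak": c.get("Peak Concurrent"),
            "count_mismatch": c.get("Active") != len(sessions),
            "uptime_seconds": {s["Connection"]: duration_seconds(s["Duration"]) for s in sessions},
            "legacy_hash_peers": [s["Connection"] for s in sessions if s.get("Hashing") in ("MD5", "SHA1")]}
```

Feed it the real output of both commands captured from the ASA; a `count_mismatch` of True or a non-empty `legacy_hash_peers` list is what a monitor would alert on.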

Hi Jouni,

Many thanks for answering all my questions.

Regards

Mahesh
