I have a Cisco ASA cluster for remote VPN connections (AnyConnect). As seen below, when you use show vpn-sessiondb, you can see there is only 1 IPSec tunnel, used to monitor the VPN load-balancing cluster status.
Our reporting tool (Cacti) sometimes shows 2 IPSec tunnels. Any idea why?
---------------------------------------------------------------------------
VPN Session Summary
---------------------------------------------------------------------------
Active : Cumulative : Peak Concur : Inactive
----------------------------------------------
AnyConnect Client : 278 : 1008582 : 1026 : 12
SSL/TLS/DTLS : 278 : 1008582 : 1026 : 12
Load Balancing(Encryption) : 1 : 10 : 1
---------------------------------------------------------------------------
Total Active and Inactive : 291 Total Cumulative : 1008592
Device Total VPN Capacity : 5000
Device Load : 6%
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Tunnels Summary
---------------------------------------------------------------------------
Active : Cumulative : Peak Concurrent
----------------------------------------------
IKEv1 : 1 : 10 : 1
IPsec : 1 : 10 : 1
AnyConnect-Parent : 290 : 1008582 : 1026
SSL-Tunnel : 233 : 2114711 : 882
DTLS-Tunnel : 219 : 1590970 : 822
---------------------------------------------------------------------------
Totals : 744 : 4714283
---------------------------------------------------------------------------
