Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12768
Views
10
Helpful
6
Replies

Site to Site VPN Status in FirePower Management Center

hunteryoung
Level 1
Level 1

‎08-15-2018 05:32 AM - edited ‎02-21-2020 08:06 AM

We have began implementing site to site VPNs using our FirePower Management center. I'm wanting to find a way to add the connections to the dashboard so that we can which VPNs are up and the traffic flowing through them quickly. We've created a dashboard for our client VPNs, and we would like something like this (at the time of taking this no one is on our VPN). 

I can figure out which drop down in the widgets to use. 

7 people had this problem
Preview file
57 KB
0 Helpful
6 Replies 6

Greg Smalley
Level 1
Level 1

‎08-22-2018 07:26 AM

The widgets on the dashboard are only for Remote Access VPN.  The only way really to monitor Site to Site VPN tunnels is via Health Events. (System -> Health -> Events -> VPN Status.)

hunteryoung
Level 1
Level 1
In response to Greg Smalley

‎08-29-2018 05:38 AM

Thank you. We knew the VPN Status in the System Health but were wanting a way to easily, look at a dashboard and tell if a tunnel was up and healthy. It seems there is no way to do this currently in FirePower.

darknight
Level 1
Level 1
In response to hunteryoung

‎06-26-2019 07:08 AM

I have been looking for this as well. We had a list of active site to site connections in the ASA. The ability to see what VPN sessions are active is a basic function of the device.

0 Helpful

robertyoung
Level 1
Level 1

‎11-20-2023 05:19 AM

Now 3 years on and STILL I cannot find a way to present a nice widget on the dashboard showing our S2S VPNs.

How is something so fundamentally simple missing from the FMC?

0 Helpful

msc-dk
Level 1
Level 1
In response to robertyoung

‎12-13-2023 06:39 AM - edited ‎12-13-2023 06:41 AM

** EDIT ** sorry, I missed that you wanted to add the info to the dashboard, I agree it's missing

You can go to devices -> Site to Site Monitoring
This doesn't work for policy based VPN, though.

You can check ipsec sa status by clicking the small eye next to the Node A name when you hover over the item, then you will see output from "show crypto ipsec sa peer x.x.x.x" command (validating if tunnel is up and encap/decaps) in the CLI pane to the right.

Not the ideal solution, but it IS possible.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card