Please confirm that you have

larsthobiasen · ‎02-12-2017

Hi,

I have a new ASA5508 where i installed the new FTD 6.2

I think the interface looks OK, but i cant find out how to monitor the site2site VPN

Can anyone tell me o i can see status of the VPN tunnels, and how to see some log if i have a tunnel with problems?

Please note that i dont have a firesight installed. - and i want to use the onboard FDM.

Is there a road map for these features?

/Lars

Zeeshan Aziz · ‎02-13-2017

Please confirm that you have an ASA with forepower services or newly FTD firmware, if FTD then the VPN is not yet supported by Cisco.

larsthobiasen · ‎02-13-2017

Hi,

I use the new FTD 6.2

new feature en FTD 6.2 is site2site VPN - and can also create the VPN tunnel, but cant find out where to monitor the status of the VPN.

Marvin Rhoads · ‎02-13-2017

I don't think they added the monitoring into FDM yet.

You can see the status from the cli with the following:

show crypto ikev1 sa 
show crypto ipsec sa

larsthobiasen · ‎02-13-2017

Hi,

Thanks for your answer!

Do you know if i can see any logs for the IPsec and IKE in the monitor log for troubleshooting?

Marvin Rhoads · ‎03-12-2018

Under the covers the same Lina code used by ASA is handling the IKE and IPsec operations so the same syslog messages should be available to you. I haven't personally used them though.

VPN on FTD 6.2 from FDM

I don't think they added the monitoring into FDM yet.

You can see the status from the cli with the following: