
How to check when a specific L2L peer tunnel was last up?

Adam Runcie
Level 1

Hey all,

So I'm trying to do some auditing on our ASA.  I inherited this duty from someone who is no longer with the company (and left before I joined on).  Apparently the company I work for now has been running without an "ASA expert" for some time.  My own knowledge of ASA is limited, but I know more than anybody else on the team so it kind of got dumped on me to figure this all out.  Anyway, I've noticed we have a few VPN tunnels configured that I've never actually seen as "up".  I've asked around on them, but nobody seems to know *for sure* if they're still used or not, but I've been told that they "think" one of them is used for nightly data transfers to a 3rd party.

My question is - is there a way to look up when a *specific* L2L tunnel was last "up"?  I know there is a total VPN tunnel counter but that's not helping much as we have other tunnels incrementing that counter.

1 Reply

JP Miranda Z
Cisco Employee

Hi Adam Runcie,

The only way will be using SNMP to monitor the state of the VPN tunnel:

If you are trying to get a time without that config, unfortunately it is not possible, since all the information of the tunnel is cleared after some time of inactivity. If you have a syslog server with debugging traps, you may be able to find that info there too.

Hope this info helps!!

Rate if helps you!! 
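For the syslog route mentioned in the reply, the following is an added example (not part of the original thread and not Cisco tooling) that scans archived ASA syslog for each L2L peer's most recent tunnel-up and disconnect events. It assumes IKEv1 tunnels logging message 713120 ("PHASE 2 COMPLETED") and 113019 ("Session disconnected"), classic BSD syslog timestamps, and a chronologically ordered file; the function name, hostnames, and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation-range IPs, not from a real device).
SAMPLE_LOG = """\
Mar 11 02:00:14 asa01 %ASA-5-713120: Group = 203.0.113.10, IP = 203.0.113.10, PHASE 2 COMPLETED (msgid=4c073b21)
Mar 11 02:31:40 asa01 %ASA-4-113019: Group = 203.0.113.10, Username = 203.0.113.10, IP = 203.0.113.10, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:31m:26s, Bytes xmt: 48211, Bytes rcv: 9120, Reason: Idle Timeout
Mar 12 02:00:09 asa01 %ASA-5-713120: Group = 203.0.113.10, IP = 203.0.113.10, PHASE 2 COMPLETED (msgid=9a1e55d0)
Mar 12 08:15:02 asa01 %ASA-5-713120: Group = 198.51.100.7, IP = 198.51.100.7, PHASE 2 COMPLETED (msgid=17bc02aa)
Mar 12 09:00:00 asa01 %ASA-6-302013: Built outbound TCP connection 1 for outside:192.0.2.5/443 (192.0.2.5/443) to inside:10.0.0.5/50000 (10.0.0.5/50000)
""".splitlines()

# Assumption: these message IDs mark tunnel up/down for IKEv1 L2L sessions.
UP_IDS = {"713120"}    # PHASE 2 COMPLETED
DOWN_IDS = {"113019"}  # Session disconnected

# timestamp, hostname, %ASA-<severity>-<message id>, then the peer "IP = a.b.c.d,"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+%ASA-\d-(\d{6}):.*?\bIP = ([\d.]+),"
)

def tunnel_history(lines):
    """Return {peer_ip: {last_up, last_down, up_count}} from syslog lines.

    Timestamps are kept as logged; lines are assumed to be in time order,
    so the last matching line for a peer is its most recent event.
    """
    hist = defaultdict(lambda: {"last_up": None, "last_down": None, "up_count": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an ASA message carrying a peer IP field
        ts, msg_id, peer = m.groups()
        if msg_id in UP_IDS:
            hist[peer]["last_up"] = ts
            hist[peer]["up_count"] += 1
        elif msg_id in DOWN_IDS:
            hist[peer]["last_down"] = ts
    return dict(hist)

if __name__ == "__main__":
    for peer, info in sorted(tunnel_history(SAMPLE_LOG).items()):
        print(peer, info)
```

A configured peer that is absent from the result never completed Phase 2 within the retained logs, which is the evidence the audit needs before retiring that tunnel.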