Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
0
Helpful
1
Replies

How to check when a specific L2L peer tunnel was last up?

Adam Runcie
Level 1
Level 1

‎05-22-2017 07:43 AM

Hey all,

So I'm trying to do some auditing on our ASA.  I inherited this duty from someone who is no longer with the company (and left before I joined on).  Apparently the company I work for now has been running without an "ASA expert" for some time.  My own knowledge of ASA is limited, but I know more than anybody else on the team so it kind of got dumped on me to figure this all out.  Anyway, I've noticed we have a few VPN tunnels configured that I've never actually seen as "up".  I've asked around on them, but nobody seems to know *for sure* if they're still used or not, but I've been told that they "think" one of them is used for nightly data transfers to a 3rd party.

My question is - is there a way to lookup when a *specific* L2L tunnel was last "up"?  I know there is a total VPN tunnel counter but thats not helping much as we have other tunnels incrementing that counter.

Labels:
0 Helpful
1 Reply 1

JP Miranda Z
Cisco Employee
Cisco Employee

‎05-22-2017 06:54 PM

Hi Adam Runcie,

The only way will be using SNMP to monitor the state of the VPN tunnel:

https://supportforums.cisco.com/document/11376/how-can-i-monitor-vpn-tunnel-status-through-snmp

If you are trying to get a time without that config unfortunately is not possible since all the information of the tunnel is cleared after some time of inactivity. If you have a syslog server with debugging traps you may be able to find that info there too.

Hope this info helps!!

Rate if helps you!! 

-JP- 

0 Helpful
Customers Also Viewed These Support Documents