asa vpn sh vpn-sessiondb detail output

Answered Question
Aug 4th, 2010

When I run the " sh vpn-sessiondb detail" command on my asa 5520 it tells me the following:

Active Session Summary

Sessions:
                           Active : Cumulative : Peak Concurrent : Inactive
  SSL VPN               :       0 :          0 :               0
    Clientless only     :       0 :          0 :               0
    With client         :       0 :          0 :               0 :        0
  Email Proxy           :       0 :          0 :               0
  IPsec LAN-to-LAN      :       1 :         16 :               1
  IPsec Remote Access   :       2 :        702 :               4
  VPN Load Balancing    :       0 :          0 :               0
  Totals                :       3 :        718

License Information:
  IPsec   :    750    Configured :    750    Active :      4    Load :   1%
  SSL VPN :      2    Configured :      2    Active :      0    Load :   0%
                            Active : Cumulative : Peak Concurrent
  IPsec               :          4 :        741 :               6
  SSL VPN             :          0 :          1 :               1
    AnyConnect Mobile :          0 :          0 :               0
    Linksys Phone     :          0 :          0 :               0
  Totals              :          4 :        742

Tunnels:
               Active : Cumulative : Peak Concurrent
  IKE    :          3 :        718 :               5
  IPsec  :          4 :        810 :               6
  Totals :          7 :       1528

Active NAC Sessions:
  No NAC sessions to display

Active VLAN Mapping Sessions:
  No VLAN Mapping sessions to display
------------------------

however there are only two remote clients logged in and one site to site vpn configured at the moment.  So I was wondering why under tunnels it says the active IPsec count is 4?


Thank you.

I have this problem too.
0 votes
Correct Answer by Jennifer Halim about 6 years 4 months ago

For the IPSec connections, that would be dependant on the number of SAs per tunnel. If you check out the IKE, that would give you the correct number of IPSec VPN tunnels which is 3 in total.

If you grab the output of "show cry ipsec sa", you would be able to find that there will be 4 SAs which is the 4 IPSec connections.

Hope that helps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jennifer Halim Wed, 08/04/2010 - 08:16

For the IPSec connections, that would be dependant on the number of SAs per tunnel. If you check out the IKE, that would give you the correct number of IPSec VPN tunnels which is 3 in total.

If you grab the output of "show cry ipsec sa", you would be able to find that there will be 4 SAs which is the 4 IPSec connections.

Hope that helps.

Actions

This Discussion