asa vpn sh vpn-sessiondb detail output

Answered Question
Aug 4th, 2010
User Badges:

When I run the " sh vpn-sessiondb detail" command on my asa 5520 it tells me the following:




Active Session Summary


Sessions:
                           Active : Cumulative : Peak Concurrent : Inactive
  SSL VPN               :       0 :          0 :               0
    Clientless only     :       0 :          0 :               0
    With client         :       0 :          0 :               0 :        0
  Email Proxy           :       0 :          0 :               0
  IPsec LAN-to-LAN      :       1 :         16 :               1
  IPsec Remote Access   :       2 :        702 :               4
  VPN Load Balancing    :       0 :          0 :               0
  Totals                :       3 :        718


License Information:
  IPsec   :    750    Configured :    750    Active :      4    Load :   1%
  SSL VPN :      2    Configured :      2    Active :      0    Load :   0%
                            Active : Cumulative : Peak Concurrent
  IPsec               :          4 :        741 :               6
  SSL VPN             :          0 :          1 :               1
    AnyConnect Mobile :          0 :          0 :               0
    Linksys Phone     :          0 :          0 :               0
  Totals              :          4 :        742


Tunnels:
               Active : Cumulative : Peak Concurrent
  IKE    :          3 :        718 :               5
  IPsec  :          4 :        810 :               6
  Totals :          7 :       1528


Active NAC Sessions:
  No NAC sessions to display


Active VLAN Mapping Sessions:
  No VLAN Mapping sessions to display
------------------------


however there are only two remote clients logged in and one site to site vpn configured at the moment.  So I was wondering why under tunnels it says the active IPsec count is 4?


Thank you.

Correct Answer by Jennifer Halim about 6 years 9 months ago

For the IPSec connections, that would be dependant on the number of SAs per tunnel. If you check out the IKE, that would give you the correct number of IPSec VPN tunnels which is 3 in total.


If you grab the output of "show cry ipsec sa", you would be able to find that there will be 4 SAs which is the 4 IPSec connections.


Hope that helps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jennifer Halim Wed, 08/04/2010 - 08:16
User Badges:
  • Cisco Employee,

For the IPSec connections, that would be dependant on the number of SAs per tunnel. If you check out the IKE, that would give you the correct number of IPSec VPN tunnels which is 3 in total.


If you grab the output of "show cry ipsec sa", you would be able to find that there will be 4 SAs which is the 4 IPSec connections.


Hope that helps.

Actions

This Discussion