Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2539
Views
0
Helpful
1
Replies

asa vpn sh vpn-sessiondb detail output

Go to solution
lkadlik
Level 1
Level 1

‎08-04-2010 08:02 AM

When I run the " sh vpn-sessiondb detail" command on my asa 5520 it tells me the following:

Active Session Summary

Sessions:
                           Active : Cumulative : Peak Concurrent : Inactive
  SSL VPN               :       0 :          0 :               0
    Clientless only     :       0 :          0 :               0
    With client         :       0 :          0 :               0 :        0
  Email Proxy           :       0 :          0 :               0
  IPsec LAN-to-LAN      :       1 :         16 :               1
  IPsec Remote Access   :       2 :        702 :               4
  VPN Load Balancing    :       0 :          0 :               0
  Totals                :       3 :        718

License Information:
  IPsec   :    750    Configured :    750    Active :      4    Load :   1%
  SSL VPN :      2    Configured :      2    Active :      0    Load :   0%
                            Active : Cumulative : Peak Concurrent
  IPsec               :          4 :        741 :               6
  SSL VPN             :          0 :          1 :               1
    AnyConnect Mobile :          0 :          0 :               0
    Linksys Phone     :          0 :          0 :               0
  Totals              :          4 :        742

Tunnels:
               Active : Cumulative : Peak Concurrent
  IKE    :          3 :        718 :               5
  IPsec  :          4 :        810 :               6
  Totals :          7 :       1528

Active NAC Sessions:
  No NAC sessions to display

Active VLAN Mapping Sessions:
  No VLAN Mapping sessions to display
------------------------

however there are only two remote clients logged in and one site to site vpn configured at the moment.  So I was wondering why under tunnels it says the active IPsec count is 4?


Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎08-04-2010 08:16 AM

For the IPSec connections, that would be dependant on the number of SAs per tunnel. If you check out the IKE, that would give you the correct number of IPSec VPN tunnels which is 3 in total.

If you grab the output of "show cry ipsec sa", you would be able to find that there will be 4 SAs which is the 4 IPSec connections.

Hope that helps.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎08-04-2010 08:16 AM

For the IPSec connections, that would be dependant on the number of SAs per tunnel. If you check out the IKE, that would give you the correct number of IPSec VPN tunnels which is 3 in total.

If you grab the output of "show cry ipsec sa", you would be able to find that there will be 4 SAs which is the 4 IPSec connections.

Hope that helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents