Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

About VPN

Hello all,

I have a pix as vpn gateway and client software is VPN client 4.0.1, when client

connect to the pix successfully, under menu [Statistics]->[Secured Routers] thers are some many info, what I want to know is that how could this list means and what kind of operation could affect the list?? Thanks in advance.

New Member

Re: About VPN


Kindly find below for explanation of each tab at vpn client. Secured Routers will added once you connect to remote firewall after SA created.

Since it is Client-Server VPN only header will be encrypted by vpn. ( Transport Mode)

Hope this clears your doubts.


The Statistics tab shows statistics for data packets that the VPN Client has processed during the current session or since the statistics were reset. Reset affects only this part of the connection status screen.

Bytes in = The total amount of data received after a secure packet has been successfully decrypted.

Bytes out = The total amount of encrypted data transmitted through the tunnel.

Packets decrypted = The total number of data packets received on the port.

Packets encrypted = The total number of secured data packets transmitted out the port.

Packets bypassed = The total number of data packets that the VPN Client did not process because they did not need to be encrypted. Local ARPs and DHCP fall into this category.

Packets discarded = The total number of data packets that the VPN Client rejected because they did not come from the secure VPN device gateway.

Go to Viewing connection status

Secured routes

The Secured routes section lists the IPSec Security Associations (SAs).

The columns in the display show the following types of information:

Key icon = A key icon at the beginning of the row shows that the route is secure. The software generates a key as soon as the client needs to send secure data through the tunnel to the networks on the other side. The absence of a key means that the SA is no longer active. The SA may have timed out due to inactivity. Sending data to this network re-establishes the SA, and the key reappears.

Network = The IP address of the remote private network with which this VPN Client has an SA.

Subnet Mask = The subnet mask of the IP address for this SA.

Bytes = The total amount of data this SA has processed. This includes data before encryption as well as encrypted data received.

Src Port , Dst Port , and Protocol are for future use.