How to determine last time IPSEC SA was established with peer?

nathan.edwards1
Level 1

I have a Cisco ASA with several IPsec peer configurations. I suspect that a portion of these are obsolete and am going through the cleanup process. The firewall has been up for over a year so I have a good timeframe of statistics covered, but I cannot figure out a way to show the last time the SA was active. Any suggestions?

2 Replies

jj27
Spotlight

You would need to set up syslogging of IPsec VPN connections to an external server to record a history of the connections.
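Once that syslog history exists, the question in the thread becomes a log query. As an added example (not part of this thread), the Python script below scans exported ASA syslog lines for message 602303 ("IPSEC: An outbound/inbound LAN-to-LAN SA ... has been created"), records the most recent SA per remote peer, and lists the configured peers with no SA inside a review window. The log lines, peer addresses, hostname and review date are constructed samples; the timestamp layout assumes the ASA's `logging timestamp` format.

```python
import re
from datetime import datetime, timedelta

# ASA syslog ID 602303 is logged each time an IPsec LAN-to-LAN SA is created. Timestamps
# are assumed in the "Mon DD YYYY HH:MM:SS" form the ASA emits with 'logging timestamp'.
SA_CREATED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}).*%ASA-6-602303: IPSEC: An "
    r"(?:in|out)bound LAN-to-LAN SA \(SPI= 0x[0-9A-Fa-f]+\) between (?P<local>[\d.]+) "
    r"and (?P<peer>[\d.]+)"
)

# Constructed sample lines (RFC 5737 documentation addresses); not a real capture.
SAMPLE_LOG = [
    "Feb 10 2024 03:02:11 asa-fw : %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA "
    "(SPI= 0x5E6F7A8B) between 203.0.113.1 and 192.0.2.44 (user= 192.0.2.44) has been created.",
    "Mar 01 2024 08:15:02 asa-fw : %ASA-6-602303: IPSEC: An inbound LAN-to-LAN SA "
    "(SPI= 0x1A2B3C4D) between 203.0.113.1 and 198.51.100.7 (user= 198.51.100.7) has been created.",
    "Mar 15 2024 14:40:59 asa-fw : %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA "
    "(SPI= 0x0F0E0D0C) between 203.0.113.1 and 198.51.100.7 (user= 198.51.100.7) has been created.",
    "Mar 15 2024 14:41:00 asa-fw : %ASA-6-302013: Built outbound TCP connection 9001 "
    "for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.0.0.5/51022 (10.0.0.5/51022)",
]
# Peers configured in the firewall's crypto maps (constructed) and the date of the review.
CONFIGURED_PEERS = ["198.51.100.7", "192.0.2.44", "192.0.2.200"]
NOW = datetime(2024, 4, 1)

def last_sa_per_peer(lines):
    """Map each remote peer IP to the timestamp of its most recent SA creation."""
    latest = {}
    for line in lines:
        m = SA_CREATED.search(line)
        if not m:
            continue  # unrelated message, or a line without the expected timestamp
        ts = datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S")
        peer = m.group("peer")
        if peer not in latest or ts > latest[peer]:
            latest[peer] = ts
    return latest

def stale_peers(configured, latest, now, max_idle_days):
    """Configured peers with no SA in the last max_idle_days (None = never seen in the log)."""
    cutoff = now - timedelta(days=max_idle_days)
    return {p: latest.get(p) for p in configured if latest.get(p) is None or latest[p] < cutoff}

if __name__ == "__main__":
    for peer, last in stale_peers(CONFIGURED_PEERS, last_sa_per_peer(SAMPLE_LOG), NOW, 30).items():
        print(f"{peer}: last SA {last.isoformat() if last else 'never'} -> review before removing")
```

Message 602303 is severity 6 (informational), so the logging level sent to the syslog collector must be informational or more verbose, or these events will never reach the server.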

Marvin Rhoads
Hall of Fame

Besides what jjohnston suggested, you could always remark out their cryptomaps and see who complains. :)

It might be good to take his suggestion for a week or two and then communicate to your users that maintenance may affect their VPN connections, and be ready to restore them in a moment if need be.

Going forward, it might be useful to give their access-list elements descriptive object-group names so that the connections' identities are more obvious. I've always disliked how site-to-site VPN tunnel-groups need to be named after the remote peer IP.

In a previous position, when I had occasion to do the same thing, I also looked up the peer IP addresses in the whois databases (whois.arin.net and equivalents at RIPE and APNIC etc.). Sometimes that will point you to the remote partner identity.