Cisco ASA – Find Out VPN Tunnel Uptime

KB ID 0000863 Dtd 30/09/13

Problem

I needed to get the Uptime/Duration of a particular VPN tunnel this week. It was for a client with multiple VPN tunnels that was having problems with just one.

Solution

Option 1 via Command Line

1. Connect to to the firewall > Go to enable mode and use the following command, replace 123.123.123.123 with the IP of your VPN endpoint.

Sent username "PeteLong"  Type help or '?' for a list of available commands.  PetesASA>  PetesASA> enable  Password: ********  PetesASA# show vpn-sessiondb l2l filter name 123.123.123.123 | incl Duration  Duration : 0h:08m:26s <<<<<<<  PetesASA#

If you want a LOT MORE information use the following command;

PetesASA# show vpn-sessiondb detail l2l filter name 123.123.123.123

Session Type: LAN-to-LAN Detailed

Connection : 123.123.123.123  Index : 312 IP Addr : 123.123.123.123  Protocol : IKEv1 IPsec  Encryption : IKEv1: (1)3DES IPsec: (1)3DES  Hashing : IKEv1: (1)SHA1 IPsec: (1)SHA1  Bytes Tx : 18999 Bytes Rx : 26267  Login Time : 14:20:36 UTC Mon Sep 30 2013  Duration : 0h:32m:55s <<<<<<<  IKEv1 Tunnels: 1  IPsec Tunnels: 1

IKEv1:  Tunnel ID : 312.1  UDP Src Port : 500 UDP Dst Port : 500  IKE Neg Mode : Main Auth Mode : preSharedKeys  Encryption : 3DES Hashing : SHA1  Rekey Int (T): 86400 Seconds Rekey Left(T): 84425 Seconds  D/H Group : 2  Filter Name :  IPv6 Filter :

IPsec:  Tunnel ID : 312.2  Local Addr : 10.254.254.0/255.255.255.0/0/0  Remote Addr : 172.16.254.0/255.255.255.0/0/0  Encryption : 3DES Hashing : SHA1  Encapsulation: Tunnel PFS Group : 2  Rekey Int (T): 28800 Seconds Rekey Left(T): 26825 Seconds  Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4607975 K-Bytes  Idle Time Out: 30 Minutes Idle TO Left : 26 Minutes  Bytes Tx : 18999 Bytes Rx : 26267  Pkts Tx : 94 Pkts Rx : 114

NAC:  Reval Int (T): 0 Seconds Reval Left(T): 0 Seconds  SQ Int (T) : 0 Seconds EoU Age(T) : 2000 Seconds  Hold Left (T): 0 Seconds Posture Token:  Redirect URL :

PetesASA# 

Option 2 Via the ASDM

1. Connect to the ASDM > Monitoring > VPN > Sessions > Select the one you are interested in > Logon time Duration.

ASDM VPN Uptime

Related Articles, References, Credits, or External Links

NA

Author: Migrated

Share This Post On