Cisco Systems ASA 5525-X Network Router User Manual


  Open as PDF
of 2086
 
74-10
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 74 Monitoring VPN
VPN Statistics
Rejected—Number of peers that failed posture validation or were not granted an access policy by
an Access Control Server.
Exempted—Number of peers that are not subject to posture validation because they match an entry
in the Posture Validation Exception list configured on the ASA.
Non-responsive—Number of peers not responsive to Extensible Authentication Protocol (EAP) over
UDP requests for posture validation. Peers on which no CTA is running do not respond to these
requests. If the ASA configuration supports clientless hosts, the Access Control Server downloads
the access policy associated with clientless hosts to the ASA for these peers. Otherwise, the ASA
assigns the NAC default policy.
Hold-off—Number of peers for which the ASA lost EAPoUDP communications after a successful
posture validation. The NAC Hold Timer attribute (Configuration > VPN > NAC) determines the
delay between this type of event and the next posture validation attempt.
N/A—Number of peers for which NAC is disabled according to the VPN NAC group policy.
Revalidate All—Click if the posture of the peers or the assigned access policies (that is, the
downloaded ACLs), have changed. Clicking this button initiates new, unconditional posture
validations of all NAC sessions managed by the ASA. The posture validation and assigned access
policy that were in effect for each session before you clicked this button remain in effect until the
new posture validation succeeds or fails. Clicking this button does not affect sessions that are exempt
from posture validation.
Initialize All—Click if the posture of the peers or the assigned access policies (that is, the
downloaded ACLs) have changed, and you want to clear the resources assigned to the sessions.
Clicking this button purges the EAPoUDP associations and assigned access policies used for posture
validations of all NAC sessions managed by the ASA, and initiates new, unconditional posture
validations. The NAC default ACL is effective during the revalidations, so the session initializations
can disrupt user traffic. Clicking this button does not affect sessions that are exempt from posture
validation.
Protocol Statistics
Monitoring > VPN > VPN Statistics > Protocol Statistics
This pane displays the protocols used by currently active user and administrator sessions on the ASA.
Each row in the table represents one protocol type.
Fields
Show Statistics For—Selects a specific server or group or all tunnel groups.
Protocol Statistics—Shows the statistics for all the protocols in use by currently active sessions.
Protocol—Lists the protocol to which the statistics in this row apply.
Sessions—Lists the number of sessions using this protocol.
Percentage—Indicates the percentage of sessions using this protocol relative to the total active
sessions, as a number. The sum of this column equals 100 percent (rounded).
Total Active Tunnel—Shows the number of currently active sessions.
Cumulative Tunnels—Shows the total number of sessions since the ASA was last booted or reset.
Refresh—Updates the statistics shown in the Protocol Statistics table.