Cisco Systems ASA 5540 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 74 Monitoring VPN
VPN Statistics
Assigned IP Address and Public IP Address—Private IP address assigned to the remote peer for this
session. Also called the inner or virtual IP address, the assigned IP address lets the remote peer
appear to be on the private network. The second field shows the public IP address of the remote
computer for this session. Also called the outer IP address, the public IP address is typically
assigned to the remote computer by the ISP. It lets the remote computer function as a host on the
public network.
Protocol/Encryption—Protocol and the data encryption algorithm this session is using, if any.
Login Time and Duration—Time and date of the session initialization, and the length of the session.
The session initialization time is in 24-hour notation.
Client Type and Version—Type and software version number (for example, rel. 7.0_int 50) of the client
on the remote computer.
Bytes Tx and Bytes Rx—Shows the total number of bytes transmitted to and received from the
remote peer by the ASA.
NAC Result and Posture Token—The ASDM displays values in this column only if you configured
Network Admission Control on the ASA.
The NAC Result shows one of the following values:
Accepted—The Access Control Server (ACS) successfully validated the posture of the remote host.
Rejected—The ACS could not successfully validate the posture of the remote host.
Exempted—The remote host is exempt from posture validation according to the Posture
Validation Exception list configured on the ASA.
Non-Responsive—The remote host did not respond to the EAPoUDP Hello message.
Hold-off—The ASA lost EAPoUDP communication with the remote host after successful
posture validation.
N/A—NAC is disabled for the remote host according to the VPN NAC group policy.
Unknown—Posture validation is in progress.
The posture token is an informational text string that is configurable on the Access Control Server.
The ACS downloads the posture token to the ASA for informational purposes to aid in system
monitoring, reporting, debugging, and logging. The posture token that follows the NAC result is
typically one of the following: Healthy, Checkup, Quarantine, Infected, or Unknown.
The Details tab in the Session Details pane displays the following columns:
ID—Unique ID dynamically assigned to the session. The ID serves as the ASA index to the session.
It uses this index to maintain and display information about the session.
Type—Type of session: IKE, IPsec, or NAC.
Local Addr., Subnet Mask, Protocol, Port, Remote Addr., Subnet Mask, Protocol, and
Port—Addresses and ports assigned to the actual (Local) peer, and those assigned to this peer
for the purpose of external routing.
Encryption—Data encryption algorithm this session is using, if any.
Assigned IP Address and Public IP Address—Shows the private IP address assigned to the remote
peer for this session. Also called the inner or virtual IP address, the assigned IP address lets the
remote peer appear to be on the private network. The second field shows the public IP address of the
remote computer for this session. Also called the outer IP address, the public IP address is typically
assigned to the remote computer by the ISP. It lets the remote computer function as a host on the
public network.
Other—Miscellaneous attributes associated with the session.