Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 42 Monitoring VPN
VPN Statistics
The contents of the second table, also unlabeled, on this panel depend on the selection in the Filter By
list. In the following list, the first-level bullets show the Filter By selection, and the second-level bullets
show the column headings for this table.
• Remote Access—Indicates that the values in this table relate to remote access traffic.
  – Username/Tunnel Group—Shows the username or login name and the tunnel group for the
    session. If the client is using a digital certificate for authentication, the field shows the Subject
    CN or Subject OU from the certificate.
  – Assigned IP Address/Public IP Address—Shows the private (“assigned”) IP address assigned to
    the remote client for this session. This is also known as the “inner” or “virtual” IP address, and
    it lets the client appear to be a host on the private network. Also shows the public IP address of
    the client for this remote-access session. This is also known as the “outer” IP address. It is
    typically assigned to the client by the ISP, and it lets the client function as a host on the public
    network.
  – Protocol/Encryption—Shows the protocol and the data encryption algorithm this session is using,
    if any.
  – Login Time/Duration—Shows the date and time (MMM DD HH:MM:SS) that the session
    logged in and the length of the session. Time is displayed in 24-hour notation.
  – Client Type/Version—Shows the type and software version number (for example, rel. 7.0_int 50)
    for connected clients, sorted by username.
  – Bytes Tx/Bytes Rx—Shows the total number of bytes transmitted to/received from the remote
    peer or client by the security appliance.
  – NAC Result and Posture Token—Displays values in this column only if you configured Network
    Admission Control on the security appliance.
    The NAC Result shows one of the following values:
    • Accepted—ACS successfully validated the posture of the remote host.
    • Rejected—ACS could not successfully validate the posture of the remote host.
    • Exempted—The remote host is exempt from posture validation according to the Posture
      Validation Exception list configured on the security appliance.
    • Non-Responsive—The remote host did not respond to the EAPoUDP Hello message.
    • Hold-off—The security appliance lost EAPoUDP communication with the remote host after
      successful posture validation.
    • N/A—NAC is disabled for the remote host according to the VPN NAC group policy.
    • Unknown—Posture validation is in progress.
    The posture token is an informational text string that is configurable on the Access Control
    Server. ACS downloads the posture token to the security appliance for informational purposes
    to aid in system monitoring, reporting, debugging, and logging. The typical value of the Posture
    Token field, which follows the NAC Result field, is one of the following: Healthy, Checkup,
    Quarantine, Infected, or Unknown.
• Site-to-Site—Indicates that the values in this table relate to LAN-to-LAN traffic.
  – Tunnel Group/IP Address—Shows the name of the tunnel group and the IP address of the peer.
  – Protocol/Encryption—Shows the protocol and the data encryption algorithm this session is using,
    if any.
  – Login Time/Duration—Shows the date and time (MMM DD HH:MM:SS) that the session
    logged in and the length of the session. Time is displayed in 24-hour notation.