Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 42 Monitoring VPN
VPN Statistics
Unknown—Posture validation is in progress.
The posture token is an informational text string which is configurable on the Access Control Server.
The ACS downloads the posture token to the security appliance for informational purposes to aid in
system monitoring, reporting, debugging, and logging. The typical posture tokens that accompany the
NAC result are Healthy, Checkup, Quarantine, Infected, or Unknown.
The Details tab in the Session Details window displays the following columns:
ID—Unique ID dynamically assigned to the session. The ID serves as the security appliance index
to the session. It uses this index to maintain and display information about the session.
Type—Type of session: IKE, IPSec, or NAC.
Local Addr., Subnet Mask, Protocol, Port, Remote Addr., Subnet Mask, Protocol, and
Port—Addresses and ports assigned to the actual (Local) peer, and those assigned to this peer
for the purpose of external routing.
Encryption—Data encryption algorithm this session is using, if any.
Assigned IP Address and Public IP Address—Shows the private IP address assigned to the remote
peer for this session. Also called the inner or virtual IP address, the assigned IP address lets the
remote peer appear to be on the private network. The second field shows the public IP address of the
remote computer for this session. Also called the outer IP address, the public IP address is typically
assigned to the remote computer by the ISP. It lets the remote computer function as a host on the
public network.
Other—Miscellaneous attributes associated with the session.
The following attributes apply to an IKE session:
The following attributes apply to an IPSec session:
The following attributes apply to a NAC session:
Revalidation Time Interval—Interval in seconds required between each successful posture
validation.
Time Until Next Revalidation—0 if the last posture validation attempt was unsuccessful.
Otherwise, the difference between the Revalidation Time Interval and the number of seconds
since the last successful posture validation.
Status Query Time Interval—Time in seconds allowed between each successful posture
validation or status query response and the next status query response. A status query is a
request made by the security appliance to the remote host to indicate whether the host has
experienced any changes in posture since the last posture validation.
EAPoUDP Session Age—Number of seconds since the last successful posture validation.
Hold-Off Time Remaining—0 seconds if the last posture validation was successful. Otherwise,
the number of seconds remaining before the next posture validation attempt.
Posture Token—Informational text string configurable on the Access Control Server. The ACS
downloads the posture token to the security appliance for informational purposes to aid in
system monitoring, reporting, debugging, and logging. A typical posture token is Healthy,
Checkup, Quarantine, Infected, or Unknown.
Redirect URL—Following posture validation or clientless authentication, the ACS downloads
the access policy for the session to the security appliance. The Redirect URL is an optional part
of the access policy payload. The security appliance redirects all HTTP (port 80) and HTTPS
(port 443) requests for the remote host to the Redirect URL if it is present. If the access policy
does not contain a Redirect URL, the security appliance does not redirect HTTP and HTTPS
requests from the remote host.
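The NAC session attributes above are related to each other, and a monitoring script can check those relationships. The following is an added example, not part of the Cisco guide: the `NacSession` record, its field names, the choice of which posture tokens to flag, and the sample sessions are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumption: which tokens deserve attention is a local choice; the guide only
# says the token is an informational string configured on the ACS.
ATTENTION_TOKENS = {"Quarantine", "Infected", "Unknown"}

@dataclass
class NacSession:                     # hypothetical record, one per NAC session
    session_id: int
    posture_token: str
    reval_interval: int               # Revalidation Time Interval, seconds
    session_age: int                  # EAPoUDP Session Age, seconds
    last_validation_ok: bool
    hold_off_remaining: int = 0       # Hold-Off Time Remaining, seconds
    redirect_url: Optional[str] = None

def time_until_next_revalidation(s: NacSession) -> int:
    """0 after a failed attempt, else interval minus time since last success."""
    if not s.last_validation_ok:
        return 0
    return max(s.reval_interval - s.session_age, 0)   # clamp is an assumption

def triage(s: NacSession) -> List[str]:
    """Return human-readable notes for a session that needs a closer look."""
    notes = []
    if s.posture_token in ATTENTION_TOKENS:
        notes.append(f"posture token {s.posture_token}")
    if not s.last_validation_ok:
        notes.append(f"validation failed, retry in {s.hold_off_remaining}s")
    elif s.hold_off_remaining != 0:
        # Hold-off should read 0 after a successful validation.
        notes.append("inconsistent: hold-off nonzero after success")
    if s.redirect_url:
        notes.append(f"HTTP/HTTPS redirected to {s.redirect_url}")
    return notes

# Constructed sample sessions (not taken from any real appliance).
SESSIONS = [
    NacSession(1, "Healthy", 36000, 1200, True),
    NacSession(2, "Quarantine", 36000, 300, True,
               redirect_url="https://remediation.example/"),
    NacSession(3, "Unknown", 36000, 40000, False, hold_off_remaining=95),
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s.session_id, time_until_next_revalidation(s), triage(s))
```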