74-3
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter74 Monitoring VPN
VPN Statistics
Fields
Session types (unlabeled)—Lists the number of currently active sessions of each type, the total limit,
and the total cumulative session count.
Remote Access—Shows the number of remote access sessions.
Site-to-Site—Shows the number of LAN-to-LAN sessions.
SSL VPN–Clientless—Shows the number of clientless browser-based VPN sessions.
SSL VPN–With Client—Shows the number of client-based SSL VPN sessions. With ASA version
8.x and above , this represents the AnyConnect SSL VPN client 2.x and above.
SSL VPN–Inactive—Shows the number of SSL VPN sessions that are inactive on the remote
computer.
Note An administrator can keep track of the number of users in the inactive state and can look
at the statistics. The sessions that have been inactive for the longest time are marked as
idle (and are automatically logged off) so that license capacity is not reached and new
users can log in. You can also access these statististics using the show vpn-sessiondb
CLI command (refer to the Cisco Security Appliance Command Reference Guide).
SSL VPN–Total—Shows the number of client-based and clientless SSL VPN sessions.
E-mail Proxy—Shows the number of E-mail proxy sessions.
VPN Load Balancing—Shows the number of load-balanced VPN sessions
Total—Shows the total number of active concurrent sessions.
Total Cumulative—Shows the cumulative number of sessions since the last time the ASA was
rebooted or reset.
Filter By—Specifies the type of sessions that the statistics in the following table represent.
Session type (unlabeled)—Designates the session type that you want to monitor. The default is
IPsec Remote Access.
Session filter (unlabeled)—Designates which of the column heads in the following table to filter
on. The default is --All Sessions--.
Filter name (unlabeled)—Specifies the name of the filter to apply. If you specify --All
Sessions-- as the session filter list, this field is not available. For all other session filter
selections, this field cannot be blank.
Filter—Executes the filtering operation.
The contents of the second table, also unlabeled, in this pane depend on the selection in the Filter By
list. In the following list, the first-level bullets show the Filter By selection, and the second-level bullets
show the column headings for this table.
Remote Access—Indicates that the values in this table relate to remote access (IPsec software and
hardware clients) traffic.
Username/Connection Profile—Shows the username or login name and the connection profile
(tunnel group) for the session. If the client is using a digital certificate for authentication, the
field shows the Subject CN or Subject OU from the certificate.
Group Policy Connection Profile—Displays the tunnel group policy connection profile for the
session.