Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Cluster Loads

74-7

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter74 Monitoring VPN

VPN Statistics

The following attributes apply to an IKE session:

The following attributes apply to an IPsec session:

The following attributes apply to a NAC session:

–

Revalidation Time Interval— Interval in seconds required between each successful posture

validation.

–

Time Until Next Revalidation—0 if the last posture validation attempt was unsuccessful.

Otherwise, the difference between the Revalidation Time Interval and the number of seconds

since the last successful posture validation.

–

Status Query Time Interval—Time in seconds allowed between each successful posture

validation or status query response and the next status query response. A status query is a

request made by the ASA to the remote host to indicate whether the host has experienced any

changes in posture since the last posture validation.

–

EAPoUDP Session Age—Number of seconds since the last successful posture validation.

–

Hold-Off Time Remaining—0 seconds if the last posture validation was successful. Otherwise,

the number of seconds remaining before the next posture validation attempt.

–

Posture Token—Informational text string configurable on the Access Control Server. The ACS

downloads the posture token to the ASA for informational purposes to aid in system monitoring,

reporting, debugging, and logging. A typical posture token is Healthy, Checkup, Quarantine,

Infected, or Unknown.

–

Redirect URL—Following posture validation or clientless authentication, the ACS downloads

the access policy for the session to the ASA. The Redirect URL is an optional part of the access

policy payload. The ASA redirects all HTTP (port 80) and HTTPS (port 443) requests for the

remote host to the Redirect URL if it is present. If the access policy does not contain a Redirect

URL, the ASA does not redirect HTTP and HTTPS requests from the remote host.

Redirect URLs remain in force until either the IPsec session ends or until posture revalidation,

for which the ACS downloads a new access policy that can contain a different redirect URL or

no redirect URL.

More—Press this button to revalidate or initialize the session or tunnel group.

The ACL tab displays the ACL containing the ACEs that matched the session.

Cluster Loads

Monitoring > VPN > VPN Statistics > Cluster Loads

Use this pane to view the current traffic load distribution among the servers in a VPN load-balancing

cluster. If the server is not part of a cluster, you receive an information message saying that this server

does not participate in a VPN load-balancing cluster.

Fields

•VPN Cluster Loads—Displays the current load distribution in the VPN load-balancing cluster.

Clicking a column heading sorts the table, using the selected column as the sort key.

–

Public IP Address—Displays the externally visible IP address for the server.

–

Role—Indicates whether this server is a master or backup device in the cluster.

Cisco Systems Cluster Loads

Models: ASA 5510 ASA 5512-X ASA 5515-X ASA 5520 ASA 5525-X ASA 5540 ASA 5545-X ASA 5550 ASA 5555-X ASA 5580 ASA 5585-X ASA 5505