Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Protocol Statistics

74-10

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter74 Monitoring VPN

VPN Statistics

•Rejected—Number of peers that failed posture validation or were not granted an access policy by

an Access Control Server.

•Exempted—Number of peers that are not subject to posture validation because they match an entry

in the Posture Validation Exception list configured on the ASA.

•Non-responsive—Number of peers not responsive to Extensible Authentication Protocol (EAP) over

UDP requests for posture validation. Peers on which no CTA is running do not respond to these

requests. If the ASA configuration supports clientless hosts, the Access Control Server downloads

the access policy associated with clientless hosts to the ASA for these peers. Otherwise, the ASA

assigns the NAC default policy.

•Hold-off—Number of peers for which the ASA lost EAPoUDP communications after a successful

posture validation. The NAC Hold Timer attribute (Configuration > VPN > NAC) determines the

delay between this type of event and the next posture validation attempt.

•N/A—Number of peers for which NAC is disabled according to the VPN NAC group policy.

•Revalidate All—Click if the posture of the peers or the assigned access policies (that is, the

downloaded ACLs), have changed. Clicking this button initiates new, unconditional posture

validations of all NAC sessions managed by the ASA. The posture validation and assigned access

policy that were in effect for each session before you clicked this button remain in effect until the

new posture validation succeeds or fails. Clicking this button does not affect sessions that are exempt

from posture validation.

•Initialize All—Click if the posture of the peers or the assigned access policies (that is, the

downloaded ACLs) have changed, and you want to clear the resources assigned to the sessions.

Clicking this button purges the EAPoUDP associations and assigned access policies used for posture

validations of all NAC sessions managed by the ASA, and initiates new, unconditional posture

validations. The NAC default ACL is effective during the revalidations, so the session initializations

can disrupt user traffic. Clicking this button does not affect sessions that are exempt from posture

validation.

Protocol Statistics

Monitoring > VPN > VPN Statistics > ProtocolStatistics

This pane displays the protocols used by currently active user and administrator sessions on the ASA.

Each row in the table represents one protocol type.

Fields

•Show Statistics For—Selects a specific server or group or all tunnel groups.

•Protocol Statistics—Shows the statistics for all the protocols in use by currently active sessions.

–

Protocol—Lists the protocol to which the statistics in this row apply.

–

Sessions—Lists the number of sessions using this protocol.

–

Percentage—Indicates the percentage of sessions using this protocol relative to the total active

sessions, as a number. The sum of this column equals 100 percent (rounded).

•Total Active Tunnel—Shows the number of currently active sessions.

•Cumulative Tunnels—Shows the total number of sessions since the ASA was last booted or reset.

•Refresh—Updates the statistics shown in the Protocol Statistics table.

Cisco Systems Protocol Statistics

Models: ASA 5510 ASA 5512-X ASA 5515-X ASA 5520 ASA 5525-X ASA 5540 ASA 5545-X ASA 5550 ASA 5555-X ASA 5580 ASA 5585-X ASA 5505