Cisco Systems OL-16647-01 Sub-session Details NAC Details

42-8

Cisco ASDM User Guide

OL-16647-01

Chapter 42 Monitoring VPN

VPN Statistics

Redirect URLs remain in force until either the IPSec session ends or until posture revalidation,

for which the ACS downloads a new access policy that can contain a different redirect URL or

no redirect URL.

More—Press this button to revalidate or initialize the session or tunnel group.

The ACL tab displays the ACL containing the ACEs that matched the session.

Modes

The following table shows the modes in which this feature is available:

Sub-session Details – NAC Details

The NAC Details window lets you view the statistics and state of a NAC session, and revalidate and

initialize the session or tunnel group.

The statistics and state attributes in this window are as follows:

• Reval Int (T)—Revalidation Time Interval. Interval in seconds required between each successful

posture validation.

• Reval Left (T)—Time Until Next Revalidation. 0 if the last posture validation attempt was

unsuccessful. Otherwise, the difference between the Revalidation Time Interval and the number of

seconds since the last successful posture validation.

• SQ Int (T)—Status Query Time Interval. Time in seconds allowed between each successful posture

validation or status query response and the next status query response. A status query is a request

made by the security appliance to the remote host to indicate whether the host has experienced any

changes in posture since the last posture validation.

• EoU Age (T)—EAPoUDP Session Age. Number of seconds since the last successful posture

validation.

• Hold Left (T)—Hold-Off Time Remaining. 0 seconds if the last posture validation was successful.

Otherwise, the number of seconds remaining before the next posture validation attempt.

• Posture Token—Informational text string configurable on the Access Control Server. The ACS

downloads the posture token to the security appliance for informational purposes to aid in system

monitoring, reporting, debugging, and logging. A typical posture token is Healthy, Checkup,

Quarantine, Infected, or Unknown.

• Redirect URL—Following posture validation or clientless authentication, the ACS downloads the

access policy for the session to the security appliance. The Redirect URL is an optional part of the

access policy payload. The security appliance redirects all HTTP (port 80) and HTTPS (port 443)

requests for the remote host to the Redirect URL if it is present. If the access policy does not contain

a Redirect URL, the security appliance does not redirect HTTP and HTTPS requests from the remote

host.

Redirect URLs remain in force until either the IPSec session ends or until posture revalidation, for

which the ACS downloads a new access policy that can contain a different redirect URL or no

redirect URL.

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

• — • ——