Posted by: manilageek | August 9, 2011

How to check Site to Site VPN tunnel on Cisco ASA firewall

VPN1#sh vpn-sessiondb detail l2l filter ipaddress 144.X.X.X

Session Type: LAN-to-LAN Detailed

Connection : 144.X.X.X
Index : 86 IP Addr : 144.X.X.X
Protocol : IPSecLAN2LAN Encryption : 3DES
Hashing : MD5
Bytes Tx : 81737101 Bytes Rx : 20614625
Login Time : 17:25:05 CST Sun Aug 7 2011
Duration : 12h:34m:02s
Filter Name :

IKE Sessions: 1
IPSec Sessions: 1

IKE:
Session ID : 1
UDP Src Port : 500 UDP Dst Port : 500
IKE Neg Mode : Main Auth Mode : preSharedKeys
Encryption : 3DES Hashing : SHA1
Rekey Int (T): 86400 Seconds Rekey Left(T): 41159 Seconds
D/H Group : 2

IPSec:
Session ID : 2
Local Addr : 165.Y.Y.Y/255.255.0.0/0/0
Remote Addr : 10.206.110.128/255.255.255.224/0/0
Encryption : 3DES Hashing : MD5
Encapsulation: Tunnel
Rekey Int (T): 28800 Seconds Rekey Left(T): 8039 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4569887 K-Bytes
Bytes Tx : 81737101 Bytes Rx : 20614625
Pkts Tx : 80681 Pkts Rx : 69776

Note: Check the “Bytes Tx” and “Bytes Rx” counters. If both show values, the tunnel is active and data packets are passing through it. You can also check “Duration”, which is the tunnel uptime.
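The check in the note can be scripted when several peers have to be reviewed. The following Python sketch is an added example, not part of the original post: it parses saved output of the command above, applies the Bytes Tx/Rx test, and goes one step beyond the note by listing negotiated algorithms that are considered legacy. The function name check_tunnel and the LEGACY set are assumptions for illustration.

```python
import re

# Constructed sample: a shortened copy of the output shown in the post.
SAMPLE = """\
Connection : 144.X.X.X
Protocol : IPSecLAN2LAN Encryption : 3DES
Hashing : MD5
Bytes Tx : 81737101 Bytes Rx : 20614625
Duration : 12h:34m:02s
IKE:
Encryption : 3DES Hashing : SHA1
D/H Group : 2
IPSec:
Encryption : 3DES Hashing : MD5
Bytes Tx : 81737101 Bytes Rx : 20614625
"""

# Assumption: values treated as legacy here; adjust to your own crypto policy.
LEGACY = {"Encryption": {"DES", "3DES"}, "Hashing": {"MD5"},
          "D/H Group": {"1", "2", "5"}}

# Several "Name : value" pairs can share one line, so scan with findall.
FIELD = re.compile(
    r"(Bytes Tx|Bytes Rx|Duration|Encryption|Hashing|D/H Group)\s*:\s*(\S+)")

def check_tunnel(text):
    """Return byte counters, uptime, activity and legacy algorithms."""
    section = "Summary"  # lines before the "IKE:" / "IPSec:" blocks
    result = {"bytes_tx": 0, "bytes_rx": 0, "duration": None, "legacy": []}
    for line in text.splitlines():
        if line.strip() in ("IKE:", "IPSec:"):
            section = line.strip().rstrip(":")
            continue
        for key, value in FIELD.findall(line):
            if key in LEGACY:
                if value in LEGACY[key]:
                    result["legacy"].append((section, key, value))
            elif section == "Summary":  # use session totals, not per-SA copies
                if key == "Duration":
                    result["duration"] = value
                else:
                    name = "bytes_tx" if key == "Bytes Tx" else "bytes_rx"
                    result[name] = int(value)
    # The note's test: traffic counted in both directions.
    result["active"] = result["bytes_tx"] > 0 and result["bytes_rx"] > 0
    return result

if __name__ == "__main__":
    print(check_tunnel(SAMPLE))
```

Running the command twice and comparing the counters shows whether traffic is still flowing, since a single non-zero reading only proves the tunnel carried data at some point during the session.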

Responses

  1. Very nice show command.. you wouldn’t find this one in any Cisco documentation, I believe.. 🙂

