Skip to main content



Cisco Defense Orchestrator

Search and Filter Site-to-Site VPN Tunnels

Use the filter sidebar filter_icon.png in combination with the search field to focus your search of VPN tunnels presented in the VPN tunnel diagram. 

  1. From the main navigation bar, navigate VPN > Site-to-Site VPN.
  2. Click the filter icon filter_icon.png to open the filter pane.
  3. Use these filters to refine your search:
  • Filter by Device-Click Filter by Device, select the device type tab, and check the devices you want to find by filtering. 
  • Tunnel Issues-Whether or not we have detected either side of the tunnel has issues. Some examples of a device having issues may be but not limited to is: missing associated interface or peer IP address or access list, IKEv1 proposal mismatches, etc. (Detecting tunnel issues is not yet available for AWS VPC VPN tunnels.)
  • Devices/Services-Filter by type of device. 
  • Status–Tunnel status can be active or idle. 
    • Active-There is an open session where network packets are traversing the VPN tunnel or a successful session was established and hasn’t been timed-out yet. Active can assist to indicate that tunnel is active and relevant.
    • Idle-CDO was unable to discover an open session for this tunnel, the tunnel may either be not in use or there is an issue with this tunnel.
  • Onboarded-Devices could be managed by CDO or not managed (unmanaged) by CDO. 
  • Device Types - Whether or not either side of the tunnel is a live (connected device) or model device.
  1. You can also search the filtered results by device name or IP address by entering that information in the search bar. The search is case-insensitive.