Cisco Defense Orchestrator

View Site-to-Site VPN Tunnel Information

Site-to-Site VPN Table View

The site-to-site VPN table view is a complete listing of all site-to-site VPN tunnels available across all devices onboarded to CDO. Each tunnel appears only once in this list, even when CDO manages both of its peers. Clicking a tunnel listed in the table provides an option in the right side bar to navigate directly to the tunnel's peers for further investigation.

In cases where CDO does not manage both sides of a tunnel, you can click Onboard Device to open the main onboarding page and onboard the unmanaged peer. In cases where CDO manages both sides of a tunnel, the Peer 2 column contains the name of the managed device. However, in the case of an AWS VPC, the Peer 2 column contains the IP address of the VPN gateway.

To view site-to-site VPN connections in the table view:

  1. From the main navigation bar, click VPN > Site-to-Site VPN.
  2. Click the Table view button.
  3. Use Search and Filter Site-to-Site VPN Tunnels to find a specific tunnel, or zoom into the Global View graphic to find the VPN gateway and its peers that you are looking for.

Site-to-Site VPN Global View

This is an example of the global view. In the illustration, the device FTD_BGL_972 has a site-to-site connection with the devices FTD_BGL_973 and FTD_BGL_974.

[Figure: Global View]

  1. From the main navigation bar, click VPN > Site-to-Site VPN.
  2. Click the Global view button.
  3. Use Search and Filter Site-to-Site VPN Tunnels to find a specific tunnel, or zoom into the Global View graphic to find the VPN gateway and its peers that you are looking for.
  4. Select one of the peers represented in the Global View.
  5. Click View Details.
  6. Click the other end of the VPN tunnel and CDO displays Tunnel Details, NAT Information, and Key Exchange information for that connection:
  • Tunnel Details: Displays the name and connectivity information about the tunnel. Clicking the Refresh icon updates the connectivity information for the tunnels.
  • Tunnel Details specific to AWS connections: Tunnel details for AWS site-to-site connections are slightly different from those for other connections. For each connection from the AWS VPC to your VPN gateway, AWS creates two VPN tunnels, for high availability.
    • The name of the tunnel represents the name of the VPC your VPN gateway is connected to. The IP address named in the tunnel is the IP address that your VPN gateway knows as the VPC.
    • If the CDO Connectivity status shows "active," the AWS tunnel state is "Up." If the CDO Connectivity status shows "inactive," the AWS tunnel state is "Down."
  • NAT Information: Displays the type of NAT rule being used, original and translated packet information, and provides links to the NAT table to view the NAT rule for that tunnel. (Not yet available for AWS VPC site-to-site VPN.)
  • Key Exchange: Displays the cryptographic keys in use by the tunnel and any key-exchange issues. (Not yet available for AWS VPC site-to-site VPN.)

Tunnels Pane

The Tunnels pane displays a list of all the tunnels associated with a particular VPN gateway. For site-to-site VPN connections between your VPN gateway and an AWS VPC, the Tunnels pane shows all the tunnels from your VPN gateway to the VPC. Since each site-to-site VPN connection between your VPN gateway and an AWS VPC has two tunnels, you will see twice the number of tunnels you normally would for other devices.

VPN Gateway Details

Displays the number of peers connected to the VPN gateway and the IP address of the VPN gateway. This is visible only in the VPN Tunnels page.

Peers Pane

After you select a site-to-site VPN peer pair, the Peers pane lists the two devices in the pair and allows you to click View Peers for either device. By clicking View Peers, you see every other site-to-site peer that device is associated with. This is visible in both the Table view and the Global view.