Use the Check Connectivity button to trigger a real-time connectivity check against the tunnel to identify whether the tunnel is currently active or idle. Unless you click the on-demand connectivity check button, a check across all tunnels, available across all onboarded devices, occurs once an hour.
- CDO runs this connectivity check command on the ASA and FTD to determine if a tunnel is active or idle:
show vpn-sessiondb l2l sort ipaddress
- Model ASA device(s) tunnels will always show as Idle.
To check tunnel connectivity from the VPN page:
- From the main navigation bar, click VPN > Site-to-Site VPN.
- Search and filter the list of tunnels for your site-to-site VPN tunnel and select it.
- In the Actions pane at the right, click Check Connectivity.
You can also check tunnel connectivity in the Tunnel Details table:
- From the main navigation bar, search and filter for the device you want to check VPN site-site-connectivity.
- In the Management pane, click VPN.
- Double-click the other end of the VPN tunnel.
- Click the Tunnel Details tab.
- Click the Check Connectivity button for the tunnel