


Cisco Defense Orchestrator

Check Site-to-Site VPN Tunnel Connectivity

Use the Check Connectivity button to trigger a real-time connectivity check against a tunnel and identify whether the tunnel is currently active or idle. Apart from these on-demand checks, a check of all tunnels across all onboarded devices runs once an hour.

CDO runs this connectivity check command on the FTD to determine if a tunnel is active or idle: 

show vpn-sessiondb l2l sort ipaddress 

Note: Tunnels on model ASA devices always show as idle.

To check tunnel connectivity from the VPN page:

  1. Click the VPN tab to open the VPN page. 
  2. Search and filter for your site-to-site VPN peer and select it. 
  3. In the Actions pane at the right, click Check Connectivity.

You can also check tunnel connectivity in the Tunnel Details table:

  1. Click View Peers in the Peers pane on the right.
  2. Double-click the other end of the VPN tunnel.
  3. Click the Tunnel Details tab. 
  4. Click the Check Connectivity button for the tunnel.

