Cisco Defense Orchestrator

Monitor ASA and FTD Remote Access VPN Sessions

CDO enables you to monitor live AnyConnect Remote Access Virtual Private Network (RA VPN) sessions from all onboarded Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD) RA VPN head-ends in your tenant. 

CDO provides you the following information from each RA VPN session:

  • The total number of active RA VPN sessions and the number of currently connected users in your tenant.
  • Basic information about devices. 
  • The user name, login time, duration, and the amount of time the session has been inactive.
  • The assigned IP address within the enterprise network and the public IP address with which the session was initiated. 
  • The connection profile and group policy information associated with a session. 
  • The AnyConnect version and operating system type used in a user session.
  • The idle time remaining before the session timeout.
  • The volume of data received and transferred over a specified period.

Prerequisites

  • The RA VPN head-ends are onboarded on CDO.
  • The connectivity status of the devices you want to monitor is "Online" on the Devices & Services page.

Procedure

  1. In the CDO navigation pane, click VPN > Remote Access VPN Monitoring.
    Alternatively, you can click View Active Remote Access VPN Sessions on the CDO home page, or navigate to VPN > Remote Access VPN and click the icon in the top-right corner. CDO retrieves the information from the devices and shows the RA VPN sessions on the Remote Access VPN Monitoring view. If you want to stop CDO from retrieving the information from the devices, click Cancel.

Note: CDO refreshes the data in the Remote Access VPN Monitoring page every 10 minutes. To see the latest RA VPN data, click the reload icon in the right corner of the screen.

The following illustration shows an example of the Remote Access VPN Monitoring interface. 

[Illustration: Remote Access VPN Monitoring interface with numbered callouts]

Number in Illustration    Explanation

1  Shows all RA VPN head-end devices and the total number of active VPN sessions in your tenant.

  • Allows you to filter by a device. Click a device to see the sessions on that device.
    Note: Along with the device filter, you can use Search to look for specific VPN sessions within a device. You can type the user name, device name, assigned IP, public IP, group policy, or connection profile into the search bar. You can also search across all devices.
  • Shows CPU and memory usage details, currently connected VPN sessions, and the number of VPN licenses on each device.
    Important: The CPU usage represents the device's overall processor utilization; it does not represent the CPU consumed by RA VPN sessions.
  • Shows a blue bar that represents the active VPN sessions on the device as a portion of all the active VPN sessions being monitored by your tenant.

  Note: Click the filter icon to hide or show the View By Devices pane.

2  Shows the VPN sessions associated with a device selected in the View By Devices pane. You can click All Devices in the View By Devices pane to view active VPN sessions across all your devices.

3  Provides a column picker that allows you to select the session properties you want to view in the table. CDO remembers your selection the next time you sign in to CDO.

  Note: You can sort the column data in the order that you want.

4  Shows details of the user session selected in the middle pane.

5  Allows terminating all the user's active RA VPN sessions on the ASA device.

  Note: To terminate sessions on an FTD device, log in to the FTD CLI using SSH and execute the command "vpn-sessiondb logoff {name}".

6  Allows terminating all active sessions on an ASA device. You can also export the sessions to a comma-separated value file.
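The exported session file can be reviewed offline for sessions worth a closer look. The following is an added example, not Cisco code: it flags user names connected from more than one public IP and sessions whose AnyConnect version is below a chosen floor. The CSV header names, the sample rows, and the version floor are assumptions; adjust them to match the actual export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample. Header names are assumptions, not CDO's documented export format.
SAMPLE_EXPORT = """\
User Name,Device Name,Assigned IP,Public IP,Connection Profile,Group Policy,AnyConnect Version,Operating System
alice,asa-hq,10.10.0.11,198.51.100.20,Employees,GP-Staff,4.10.07061,win
alice,ftd-dr,10.20.0.37,203.0.113.45,Employees,GP-Staff,4.10.07061,win
bob,asa-hq,10.10.0.12,198.51.100.77,Contractors,GP-Limited,4.8.03052,mac-intel
carol,asa-hq,10.10.0.13,192.0.2.9,Employees,GP-Staff,4.10.07061,linux-64
"""


def parse_version(text):
    """Turn '4.10.07061' into (4, 10, 7061) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def triage_sessions(csv_text, min_client_version):
    """Return (users seen from several public IPs, sessions below the version floor)."""
    public_ips = defaultdict(set)
    outdated = []
    floor = parse_version(min_client_version)
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["User Name"].strip().lower()
        public_ips[user].add(row["Public IP"].strip())
        try:
            version = parse_version(row["AnyConnect Version"])
        except ValueError:
            version = None  # unparsable version: report it rather than skip it
        if version is None or version < floor:
            outdated.append((user, row["Device Name"], row["AnyConnect Version"]))
    multi_source = {u: sorted(ips) for u, ips in public_ips.items() if len(ips) > 1}
    return multi_source, outdated


if __name__ == "__main__":
    # "4.10.0" is a hypothetical policy floor chosen for the sample data.
    multi, old = triage_sessions(SAMPLE_EXPORT, "4.10.0")
    for user, ips in multi.items():
        print(f"{user}: active sessions from {', '.join(ips)}")
    for user, device, version in old:
        print(f"{user} on {device}: AnyConnect {version} is below the floor")
```

A user name appearing from two public IPs is a prompt for review rather than proof of compromise, since a laptop and a phone on different networks produce the same pattern.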

Customize the RA VPN View

Columns

You can modify the event view for both live and historical events to only include column headers that apply to the view you want. Click the column filter icon located to the right of the columns and select or deselect the columns you want.

Columns with asterisks are provided within the event table by default, although you can remove them at any time. Use the search bar to manually search for keywords for additional columns you may want to include. 

Order

You can reorder the columns of the Events view. Click the column filter icon located to the right of the columns to expand the list of selected columns, then drag and drop the columns into the order you want. The column at the top of the list in the drop-down menu is the left-most column in the RA VPN View.
