Skip to main content



Cisco Defense Orchestrator

Verify Remote Access VPN Configuration

After you configure the remote access VPN and deploy the configuration to the device, verify that you can make remote connections.


  1. From an external network, establish a VPN connection using the AnyConnect client.
    Using a web browser, open https://ravpn-address, where ravpn-address is the IP address or hostname of the outside interface on which you are allowing VPN connections.
    If necessary, install the client software and complete the connection. See How Users Can Install the AnyConnect Client Software
    If you configured group URLs, also try those URLs. 
  2. Log on to FDM and use the device CLI as explained in Logging Into the Command Line Interface (CLI) section of the Getting Starteed chapter of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for the version your device is running. Alternatively, onboard the headend FTD as an SSH device in CDO.
  3. Use the show vpn-sessiondb command to view summary information about current VPN sessions.
    The statistics should show your active AnyConnect Client session, and information on cumulative sessions, the peak concurrent number of sessions, and inactive sessions. Following is sample output from the command.


  1. Use the show vpn-sessiondb anyconnect command to view detailed information about current AnyConnect VPN sessions. 
    Detailed information includes encryption used, bytes transmitted and received, and other statistics. If you use your VPN connection, you should see the bytes transmitted/received numbers change as you re-issue this command.


  • Was this article helpful?