Check VPN tunnel status and/or uptime on PIX 506e

Hopefully a nice and simple one; what is the recommended way to check the current status and/or uptime of a given tunnel through the CLI?

J.
LVL 16
jimbobmcgeeAsked:
Who is Participating?
 
AugustTenConnect With a Mentor Commented:
'sh crypto ipsec sa' will give you all the info you need, including remaining key lifetime. Uptime can be calculated from the remaining lifetime, but you will only get uptime for the current security association.


0
 
jimbobmcgeeAuthor Commented:
That command certainly spools a lot.  Is there any way to summarise it?  Is there a grep that will tell me categorically whether the tunnel is up or down?  Or should I assume that, if it's not in the spool, it's not up?

Or, are there any articles on how to decipher that output anywhere?  
0
 
AugustTenCommented:
You can check how many are up with 'sh crypto ipsec sa summ'.

Remember you have two SA's for each tunnel (unidirectional).

And if it does not show up with 'sh crypto ipsec sa'  means the tunnel is down.
0
 
jimbobmcgeeAuthor Commented:
Thanks.

I think v6.3 is missing the 'summ' subcommand; it didn't seem to like it.  
I've gone with 'sh cry ips sa | grep current\_peer'; this seems to give me the list that I'm looking for.

Unless you can think of any reason why it wouldn't?

J.
0
 
AugustTenCommented:
You are probably  right, I am looking at v 7.2 ASA's.

But your solution is also good, that will give you the peers that are up.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.