Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз: Предмет: Файл:

Cisco Secure VPN Exam Certification Guide - Cisco press

19.64 Mб

328 Chapter 7: Monitoring and Administering the VPN 3000 Series Concentrator

Figure 7-26 Monitoring | System Status


The Monitoring | Sessions screen, as seen in Figure 7-27, shows the statistics for the currently connected sessions. On this screen, you are able to limit the connections seen by group.

Figure 7-27 Monitoring | Sessions

Monitoring the Cisco VPN 3000 Series Concentrator 329

The screen is divided into four sections as follows. The following sections describe each in greater detail:

Session Summary

LAN-to-LAN Sessions

Remote Access Sessions

Management Sessions

This screen also provides you with a link to the top ten lists.

Sessions Summary

The Session Summary section displays a summary of all the active sessions and the peak concurrent sessions. The sessions limit and cumulative sessions are also displayed. This information is useful when determining how heavily you are utilizing the concentrator.

LAN-to-LAN Sessions

The LAN-to-LAN section allows you to see all the current LAN-to-LAN sessions. Noted in this section are the IP address and protocol used for connecting to the remote LAN as well as the encryption used. The time the tunnel was initiated and the duration the tunnel has been active are displayed next, followed by the bytes transmitted (Bytes Tx) and the bytes received (Bytes Rx). The Bytes Tx and Bytes Rx are useful when debugging a LAN-to-LAN connection. See Chapter 10, “Cisco VPN 3000 LAN-to-LAN with Preshared Keys,” for more information.

Remote Access Sessions

The Remote Access Sessions section shows the username, assigned IP address, and the public IP address for each of the connected remote access sessions.

The group to which this user belongs and the protocol encryption type are seen next. The duration of the connection, the client version, client type, and the Bytes Tx and Bytes Rx over the connection are shown.

Management Sessions

The Management Sessions Section shows those users connected to the concentrator for management purposes. The IP address, protocol used, and encryption type are shown, as well as the login time and the duration of the connection.

330 Chapter 7: Monitoring and Administering the VPN 3000 Series Concentrator

Top Ten Lists

The Top Ten Lists screen is shown in Figure 7-28. This screen enables the submenu system that allows you to see statistics for the top ten sessions. The choice of which sessions are included on these lists is based on data (the total amount of data sent and received), duration (the total time the session has been established), or throughput (the average amount of data throughput in bytes per second).

Figure 7-28 Monitoring | Sessions | Top Ten Lists

Choosing any of the three options brings you to the respective screen. All of these screens look virtually identical. The difference in them is merely the criteria for being selected for the list. As shown in Figure 7-29, groups may further filter the data. Choosing a group through the pulldown menu will show the top ten users for that individual group.


Shown in Figure 7-30, the Monitoring | Statistics screen is used to move further down the menu structure to an individual statistic.

Monitoring the Cisco VPN 3000 Series Concentrator 331

Figure 7-29 Monitoring | Sessions | Top Ten List | Data

Figure 7-30 Monitoring | Statistics

Following is a list of the Monitoring | Statistics submenu options:


Address Pools

Administrative AAA

332Chapter 7: Monitoring and Administering the VPN 3000 Series Concentrator


Bandwidth Management









Load Balancing







When you wish to view statistics based on any of the items shown in the preceding list, you merely need to click the appropriate link. For example, if you wish to see the address pools data, click the Address Pools link. You will be shown a screen similar to the one shown in Figure 7-31.

Figure 7-31 Monitoring | Statistics | Address Pools

Monitoring the Cisco VPN 3000 Series Concentrator 333


If you want to see what events have occurred since the last reboot, you would click the Events link. This causes the screen shown in Figure 7-32 to be displayed. This screen lists all of the events.

Figure 7-32 Monitoring | Statistics | Events Screen


One of the most important screens for statistics is the Monitoring | Statistics | IPSec screen. As seen in Figure 7-33, this screen gives you a wealth of information regarding the IPSec protocol. This screen is split into two areas: IKE (Phase 1) Statistics and IPSec (Phase 2) Statistics.

The IPSec screen may be the most useful of all the statistics because of the amount the IPSec protocol is relied on to form connections to your concentrator. Notice that not only are the successful connections shown, but also items such as Failed Initiated Tunnels and Failed Inbound Authentications. Because these types of information are shown on this screen, you are able to quickly troubleshoot connection failures. For example, should you have a problem connecting from a remote device, watching how the counters on this screen change as connections are attempted will reveal to you the cause of the failure.

334 Chapter 7: Monitoring and Administering the VPN 3000 Series Concentrator

Figure 7-33 Monitoring | Statistics | IPSec

MIB-II Statistics

The Monitoring | Statistics | MIB-II screen, as seen in Figure 7-34, is used to move further down the menu structure to an individual MIB statistics screen.

Figure 7-34 Monitoring | Statistics | MIB-II

Monitoring the Cisco VPN 3000 Series Concentrator 335

The MIB-II Statistics submenu system is shown in the following list so that you can familiarize yourself with the options available:







ARP Table



Notice that the available options here refer to more fundamental aspects of the concentrator than those available within the Monitoring | Statistics screen. This is important for you to remember for both the exam and for your daily work. If, for example, you want to see the statistics on an interface port, you will look in the MIB-II section. However, if you want statistics regarding load balancing, you will look in the Statistics section. Basically, if you think in terms of the ISO layers, you will see all the Layer 1, Layer 2, Layer 3, and Layer 4 statistics here. You will also see your routing protocols and TCP/UDP and SNMP packets here. Virtually everything else is seen in the Statistics screen.


A common task is to determine whether your interfaces are up. The Interfaces link allows you to see the state of your interfaces. As shown in Figure 7-35, this screen shows the state of your interface and the number of packets traversing the interface broken down by unicast, multicast, and broadcast types.


The IP screen is another critical screen on this submenu (see Figure 7-36). This screen shows IP packets sent, received, and discarded.You also see items such as fragmentation successes and failures.

336 Chapter 7: Monitoring and Administering the VPN 3000 Series Concentrator

Figure 7-35 Monitoring | Statistics | MIB-II | Interfaces

Figure 7-36 Monitoring | Statistics | MIB-II | IP


Figure 7-37 shows the RIP screen. This screen shows you any errors regarding the RIP protocol. Should you experience issues regarding routes that should be known through RIP, refer to this screen when troubleshooting.

Monitoring the Cisco VPN 3000 Series Concentrator 337

Figure 7-37 Monitoring | Statistics | MIB-II | RIP

The whole of the Monitoring submenu system is used to find where issues in connectivity and performance lie. It is important for you to know where you can look to find that information. Take a few minutes and review Table 7-3 and the submenu lists for statistics and MIB II.

Memorizing the contents of these tables will serve you well in quickly and efficiently troubleshooting connectivity.