ASA L2L Status

[tylan]

Is there any way to monitor all the L2L tunnels on my ASA? I've figured out some ways in the ASDM to see which tunnels are active, but I'd like to see the active and inactive tunnels all at the same time.

Thanks...

Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(4)
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

 

[brianinms]

I don't know of a way to monitor inactive tunnels. You could look and see how many you have configured and then compare that to the ones that are up.

 

[NetworkGhost]

Why are you wanting to look at inactive tunnels? There would be nothing to see. Are you meaning idle tunnels? Tunnels that are up but just dont have data?

http://www.wr-mem.com

 

[Tekmazter]

You need to look at your show run to see inactive tunnels. If you're at least attempting to bring an inactive tunnel online, you can use 'show crypto isakmp sa' to see the status.

Utilize debug to see why a tunnel doesn't come online 'debug crypto isakmp 127'. Keep in mind, mm_active means the tunnel is up. This changed from PIX to ASA.

 

[tylan]

We were just looking for a way to monitor all tunnels at once. (Status of up or down) Say we have 8 tunnels, and I see 7 tunnels up and running. I'd like to see which one wasn't up... instead of comparing the 7 in the ASA to some other printed documentation that lists all 8 tunnels.