The following screen shows comprehensive data for all active user and administrator sessions on the VPN Concentrator.
Figure 14-1 Monitoring | Sessions Screen
Reset
To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.
Restore
To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.
Refresh
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
Group
Choose a group from the menu to monitor sessions for that group only. The default value is --All--, which displays sessions for all groups.
Session Summary Table
This table shows summary totals for LAN-to-LAN, remote access, and management sessions.
A session is a VPN tunnel established with a specific peer. In most cases, one user connection = one tunnel = one session. However, one IPSec LAN-to-LAN tunnel counts as one session, but it allows many host-to-host connections through the tunnel.
Active LAN-to-LAN Sessions
The number of IPSec LAN-to-LAN sessions that are currently active.
Active Remote Access Sessions
The number of PPTP, L2TP, IPSec remote-access user, L2TP over IPSec, and IPSec through NAT sessions that are currently active.
Active Management Sessions
The number of administrator management sessions that are currently active.
Total Active Sessions
The total number of sessions of all types that are currently active.
Peak Concurrent Sessions
The highest number of sessions of all types that were concurrently active since the VPN Concentrator was last booted or reset.
Concurrent Sessions Limit
The maximum number of concurrently active sessions permitted on this VPN Concentrator. This number is model-dependent; for example, model 3060 = 5000 sessions.
Total Cumulative Sessions
The total cumulative number of sessions of all types since the VPN Concentrator was last booted or reset.
LAN-to-LAN Sessions Table
This table shows parameters and statistics for all active IPSec LAN-to-LAN sessions, initially sorted alphanumerically by connection name. Each session here identifies only the outer LAN-to-LAN connection or tunnel, not individual host-to-host sessions within the tunnel.
[ Remote Access Sessions | Management Sessions ]
Click these active links to go to the other session tables on this Manager screen.
Connection Name
The name of the IPSec LAN-to-LAN connection.
To display detailed parameters and statistics for this connection, click this name. See the Monitoring | Sessions | Detail screen.
IP Address
The IP address of the remote peer VPN Concentrator or other secure gateway that initiated this LAN-to-LAN connection.
Protocol, Encryption, Login Time, Duration, Bytes Tx, Bytes Rx
See Table 14-1 for definitions of these parameters.
Remote Access Sessions Table
This table shows parameters and statistics for all active remote-access sessions. Each session is a single-user connection from a remote client to the VPN Concentrator. Remote-access sessions include PPTP, L2TP, IPSec remote-access user, L2TP over IPSec, and IPSec through NAT sessions.
Click a column header in this table to sort the table entries in ascending alphanumeric order, using that column as the sort key field.
[ LAN-to-LAN Sessions | Management Sessions ]
Click these active links to go to the other session tables on this Manager screen.
Username
The username or login name for the session. The field shows Authenticating... if the remote-access client is still negotiating authentication. If the client is using a digital certificate for authentication, the field shows the Subject CN or Subject OU from the certificate.
To display detailed parameters and statistics for this session, click this name. See the Monitoring | Sessions | Detail screen.
Public IP Address
The public IP address of the client for this remote-access session. This is also known as the "outer" IP address. It is typically assigned to the client by the ISP, and it lets the client function as a host on the public network.
Assigned IP Address
The private IP address assigned to the remote client for this session. This is also known as the "inner" or "virtual" IP address, and it lets the client appear to be a host on the private network.
Group
The group name of the client for this remote-access session. Clicking the column head for Group sorts the table entries in ascending alphanumeric order and also sorts the usernames within each group in ascending alphanumeric order.
Client Type and Operating System
The client type of connected clients, and, when available, the associated operating system, sorted by username. For example:
Client Type | Operating System
VPN 3000 Hardware Client | VPN3002
Windows NT client | Windows NT 4.0, Windows 2000, and Windows XP
Windows 98 client | Windows 98
Windows 95 client | Windows 95
Version
The software version number (for example, rel. 3.6,_int 50) for connected clients, sorted by username.
Protocol, Encryption, Login Time, Duration, Bytes Tx, Bytes Rx
See Table 14-1 for definitions of these parameters.
Management Sessions Table
This table shows parameters and statistics for all active administrator management sessions on the VPN Concentrator.
[ LAN-to-LAN Sessions | Remote Access Sessions ]
Click these active links to go to the other session tables on this Manager screen.
Administrator
The administrator username or login name for the session.
IP Address
The IP address of the manager workstation that is accessing the system. Local indicates a direct connection through the Console port on the system.
Protocol, Encryption, Login Time, Duration, Bytes Tx, Bytes Rx
See Table 14-1 for definitions of these parameters.
Table 14-1 Parameter definitions for Monitoring | Sessions Screen
Parameter
Definition
Protocol
The protocol this session is using. Console indicates a direct connection through the Console port on the system.
See Monitoring | Sessions | Protocols for a graphical representation of sessions by protocol.
Encryption
The data encryption algorithm this session is using, if any.
See Monitoring | Sessions | Encryption for a graphical representation of sessions by encryption algorithm used.
Login Time
The date and time (MMM DD HH:MM:SS) that the session logged in. Time is displayed in 24-hour notation.
Duration
The elapsed time (HH:MM:SS) between the session login time and the last screen refresh.
Bytes Tx
The total number of bytes transmitted to the remote peer or client by the VPN Concentrator.
Bytes Rx
The total number of bytes received from the remote peer or client by the VPN Concentrator.
Monitoring | Sessions | Detail
These Manager screens show detailed parameters and statistics for a specific remote-access or LAN-to-LAN session. The parameters and statistics differ depending on the session protocol. There are unique screens for:
IPSec LAN-to-LAN (IPSec/LAN-to-LAN)
IPSec remote access (IPSec User)
IPSec through UDP (IPSec/UDP)
IPSec through TCP (IPSec/TCP)
L2TP
L2TP over IPSec (L2TP/IPSec)
PPTP
The Manager displays the appropriate screen when you click a highlighted connection name or username on the Monitoring | Sessions screen. Figure 14-2 shows an example of one kind of detail screen. Depending on the type of connection you select, your detail screen might look somewhat different from the example shown. However, each session detail screen shows three tables: summary data, bandwidth management information, and detail data. The summary data echoes the session data from the Monitoring | Sessions screen. The Bandwidth Statistics table shows information about the effect of policing on that session. The session detail table shows all the relevant parameters for each session and subsession.
See Table 14-2 for definitions of the possible session detail parameters, in alphabetical order.
Figure 14-2 Example of a Monitoring | Sessions | Detail Screen
Refresh
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
Back to Sessions
To return to the Monitoring | Sessions screen, click Back to Sessions.
Assigned IP Address
The private IP address assigned to the remote client for this session. This is also known as the "inner" or "virtual" IP address, and it lets the client appear to be a host on the private network.
Authentication Mode
The protocol or mode used to authenticate this session.
Bytes Rx
Bytes Received
The total number of bytes received from the remote peer or client by the VPN Concentrator.
Bytes Tx
Bytes Transmitted
The total number of bytes transmitted to the remote peer or client by the VPN Concentrator.
Compression
The data compression algorithm this session is using. LZS is the data compression algorithm used by IPComp. MPPC uses LZ.
Connection Name
The name of the IPSec LAN-to-LAN connection.
Diffie-Hellman Group
The algorithm and key size used to generate IPSec SA encryption keys.
Duration
The elapsed time (HH:MM:SS) between the session login time and the last screen refresh.
Encapsulation Mode
The mode for applying IPSec ESP (Encapsulating Security Payload protocol) encryption and authentication, in other words, what part of the original IP packet has ESP applied.
Encryption
Encryption Algorithm
The data encryption algorithm this session is using, if any.
Hashing Algorithm
The algorithm used to create a hash of the packet, which is used for IPSec data authentication.
Idle Time
The elapsed time (HH:MM:SS) between the last communication activity on this session and the last screen refresh.
IKE Negotiation Mode
The IKE (IPSec Phase 1) mode for exchanging key information and setting up SAs: Aggressive or Main.
IKE Sessions
The total number of IKE (IPSec Phase 1) sessions; usually 1. These sessions establish the tunnel for IPSec traffic.
IP Address
The IP address of the remote peer VPN Concentrator or other secure gateway that initiated the IPSec LAN-to-LAN connection.
IPSec Sessions
The total number of IPSec (Phase 2) sessions, which are data traffic sessions through the tunnel. Each IPSec remote-access session may have two IPSec sessions: one showing the tunnel endpoints, and one showing the private networks reachable through the tunnel.
L2TP Sessions
The total number of user sessions through this L2TP or L2TP / IPSec tunnel; usually 1.
Local Address
The IP address (and wildcard mask) of the destination host (or network) for this session.
Login Time
The date and time (MMM DD HH:MM:SS) that the session logged in. Time is displayed in 24-hour notation.
Perfect Forward Secrecy Group
The Diffie-Hellman algorithm and key size used to generate IPSec SA encryption keys using Perfect Forward Secrecy.
PFS Group
The Perfect Forward Secrecy group: 1, 2, 3, 4, or 7.
PPTP Sessions
The total number of user sessions through this PPTP tunnel; usually 1.
Protocol
The tunneling protocol that this session is using.
Public IP Address
The public IP address of the client for this remote-access session. This is also known as the "outer" IP address. It is typically assigned to the client by the ISP, and it lets the client function as a host on the public network.
Rekey Data Interval
The lifetime in kilobytes of the IPSec (IKE) SA encryption keys.
Rekey Time Interval
The lifetime in seconds of the IPSec (IKE) SA encryption keys.
Remote Address
The IP address (and wildcard mask) of the remote peer (or network) that initiated this session.
SEP
The Scalable Encryption Module that is handling cryptographic processing for this session.
Session ID
An identifier for session components (subsessions) on this screen. With IPSec, there is one identifier for each SA.
UDP Port
The UDP port number used in an IPSec through NAT connection.
Username
The username or login name for the session. If the client is using a digital certificate for authentication, the field shows the Subject CN or Subject OU from the certificate.
Monitoring | Sessions | Protocols
This screen graphically displays the protocols used by currently active user and administrator sessions on the VPN Concentrator.
Refresh
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
Group
Choose a group from the menu to show protocols used by currently active users in that group only. The default value is --All--, which displays protocols for users in all groups.
Active Sessions
The number of currently active sessions.
Total Sessions
The total number of sessions since the VPN Concentrator was last booted or reset.
Protocol
The protocol that the session is using:
Other = Protocol other than those listed here.
PPTP = Point-to-Point Tunneling Protocol.
L2TP = Layer 2 Tunneling Protocol.
IPSec = Internet Protocol Security tunneling protocol (remote-access users).
HTTP = Hypertext Transfer Protocol (web browser).
FTP = File Transfer Protocol.
Telnet = Terminal emulation protocol.
SNMP = Simple Network Management Protocol.
TFTP = Trivial File Transfer Protocol.
Console = Directly connected console; no protocol.
Debug/Telnet = Debugging via Telnet (for Cisco use only).
Debug/Console = Debugging via console (for Cisco use only).
L2TP/IPSec = L2TP over IPSec.
IPSec/LAN-to-LAN = IPSec LAN-to-LAN connection.
IPSec/UDP = IPSec through NAT (Network Address Translation) via UDP.
SSH = Secure SHell protocol.
VCA/IPSec = Virtual Cluster Agent via IPSec. (For Cisco use only.)
IPSec/TCP = IPSec through NAT (Network Address Translation) via TCP.
IPSec/NAT-T = IPSec over NAT Traversal.
IPSec/LAN-to-LAN/NAT-T = IPSec LAN-to-LAN connection over NAT Traversal.
L2TP/IPSec/NAT-T = L2TP/IPSec connection over NAT Traversal.
Sessions
The number of active sessions using this protocol. The sum of this column equals the total number of Active Sessions shown above.
Bar Graph
The percentage of sessions using this protocol relative to the total active sessions, as a horizontal bar graph. Each segment of the bar in the column heading represents 25 percent.
Percentage
The percentage of sessions using this protocol relative to the total active sessions, as a number. The sum of this column equals 100 percent (rounded).
Monitoring | Sessions | SEPs
Note: This screen appears on models 3015-3080 only.
This screen graphically displays the SEP (Scalable Encryption Processing) modules used by currently active user and administrator sessions on the VPN Concentrator. SEP modules perform data encryption functions in hardware.
Figure 14-4 Monitoring | Sessions | SEPs Screen
Refresh
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
Group
Choose a group from the menu to display SEP modules for that group only. The default value is --All--, which displays SEP modules for all groups.
Active Sessions
The number of currently active sessions.
Total Sessions
The total number of sessions since the VPN Concentrator was last booted or reset.
SEP
The SEP module that the sessions are using.
Not on SEP = using software encryption, or not using encryption.
Sessions
The number of active sessions using this SEP module. The sum of this column equals the total number of Active Sessions shown above.
Bar Graph
The percentage of sessions using this SEP module relative to the total active sessions, as a horizontal bar graph. Each segment of the bar in the column heading represents 25 percent.
Percentage
The percentage of sessions using this SEP module relative to the total active sessions, as a number. The sum of this column equals 100 percent (rounded).
Monitoring | Sessions | Encryption
This screen graphically displays the data encryption algorithms used by currently active user and administrator sessions on the VPN Concentrator.
Refresh
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
Group
Choose a group from the menu to monitor data encryption algorithms used by currently active users in that group only. The default value is --All--, which displays data encryption algorithms for all groups.
Active Sessions
The number of currently active sessions.
Total Sessions
The total number of sessions since the VPN Concentrator was last booted or reset.
Encryption
The data encryption algorithm that the sessions are using:
Other = other than listed below.
None = no data encryption.
DES-56 = Data Encryption Standard algorithm with a 56-bit key.
DES-40 = DES encryption with a 56-bit key, 40 bits of which are private.
3DES-168 = Triple-DES encryption with a 168-bit key.
RC4-40 Stateless = RSA RC4 encryption with a 40-bit key, and with keys changed on every packet.
RC4-40 Stateful = RSA RC4 encryption with a 40-bit key, and with keys changed after some number of packets or whenever a packet is lost.
RC4-128 Stateless = RSA RC4 encryption with a 128-bit key, and with keys changed on every packet.
RC4-128 Stateful = RSA RC4 encryption with a 128-bit key, and with keys changed after some number of packets or whenever a packet is lost.
AES-128 = Advanced Encryption Standard (AES) encryption with a 128-bit key.
AES-192 = AES encryption with a 192-bit key.
AES-256 = AES encryption with a 256-bit key.
Sessions
The number of active sessions using this encryption algorithm. The sum of this column equals the total number of Active Sessions shown above.
Bar Graph
The percentage of sessions using this encryption algorithm relative to the total active sessions, as a horizontal bar graph. Each segment of the bar in the column heading represents 25 percent.
Percentage
The percentage of sessions using this encryption algorithm relative to the total active sessions, as a number. The sum of this column equals 100 percent (rounded).
Monitoring | Sessions | Top Ten Lists
This section of the Manager shows statistics for the top 10 currently active VPN Concentrator sessions, sorted by:
Data: total bytes transmitted and received.
Duration: total time connected.
Throughput: average throughput (bytes/sec).
Figure 14-6 Monitoring | Sessions | Top Ten Lists Screen
Monitoring | Sessions | Top Ten Lists | Data
This screen shows statistics for the top 10 currently active VPN Concentrator sessions, sorted by data: total bytes transmitted and received.
Figure 14-7 Monitoring | Sessions | Top Ten Lists | Data Screen
Refresh
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
Group
Choose a group from the menu to show session statistics for that group only. The default value is --All--, which displays session statistics for all groups.
Username
The login username for the session.
Group
The user's group.
IP Address
The IP address of the session user. This is the address assigned to or supplied by a remote user, or the host address of a networked user. Local identifies the console directly connected to the VPN Concentrator.
Protocol
The protocol that the session is using:
Console = Directly connected console; no protocol.
Debug/Console = Debugging via console (for Cisco use only).
Debug/Telnet = Debugging via Telnet (for Cisco use only).
FTP = File Transfer Protocol.
HTTP = Hypertext Transfer Protocol (web browser).
IPSec = Internet Protocol Security tunneling protocol (remote-access user).
IPSec/LAN-to-LAN = IPSec LAN-to-LAN connection.
IPSec/NAT = IPSec through NAT (Network Address Translation).
L2TP = Layer 2 Tunneling Protocol.
L2TP/IPSec = L2TP over IPSec.
Other = Protocol other than those listed here.
PPTP = Point-to-Point Tunneling Protocol.
SNMP = Simple Network Management Protocol.
Telnet = Terminal emulation protocol.
TFTP = Trivial File Transfer Protocol.
Encryption
The data encryption algorithm that the session is using:
None = No data encryption.
DES-40 = Data Encryption Standard algorithm with a 56-bit key, 40 bits of which are private.
DES-56 = DES encryption with a 56-bit key.
3DES-168 = Triple-DES encryption with a 168-bit key.
RC4-40 Stateless = RSA RC4 encryption with a 40-bit key, and with keys changed on every packet.
RC4-40 Stateful = RSA RC4 encryption with a 40-bit key, and with keys changed after some number of packets or whenever a packet is lost.
RC4-128 Stateless = RSA RC4 encryption with a 128-bit key, and with keys changed on every packet.
RC4-128 Stateful = RSA RC4 encryption with a 128-bit key, and with keys changed after some number of packets or whenever a packet is lost.
AES-128 = Advanced Encryption Standard (AES) encryption with a 128-bit key.
AES-192 = AES encryption with a 192-bit key.
AES-256 = AES encryption with a 256-bit key.
Login Time
The date and time that this session logged in: MM/DD/YYYY HH:MM:SS. Time is in 24-hour notation.
Total Bytes
The total number of bytes transmitted and received by this session. N/A = the session is not passing data, in other words, it is an administrator session.
Monitoring | Sessions | Top Ten Lists | Duration
This screen shows statistics for the top 10 currently active VPN Concentrator sessions, sorted by duration: total time connected.
Figure 14-8 Monitoring | Sessions | Top Ten Lists | Duration Screen
Refresh
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
Group
Choose a group from the menu to show session statistics for that group only. The default value is --All--, which displays session statistics for all groups.
Username
The login username for the session.
Group
The user's group.
IP Address
The IP address of the session user. This is the address assigned to or supplied by a remote user, or the host address of a networked user. Local identifies the console directly connected to the VPN Concentrator.
Protocol
The protocol that the session is using:
Console = Directly connected console; no protocol.
Debug/Console = Debugging via console (for Cisco use only).
Debug/Telnet = Debugging via Telnet (for Cisco use only).
FTP = File Transfer Protocol.
HTTP = Hypertext Transfer Protocol (web browser).
IPSec = Internet Protocol Security tunneling protocol (remote-access user).
IPSec/LAN-to-LAN = IPSec LAN-to-LAN connection.
IPSec/NAT = IPSec through NAT (Network Address Translation).
L2TP = Layer 2 Tunneling Protocol.
L2TP/IPSec = L2TP over IPSec.
Other = Protocol other than those listed here.
PPTP = Point-to-Point Tunneling Protocol.
SNMP = Simple Network Management Protocol.
Telnet = Terminal emulation protocol.
TFTP = Trivial File Transfer Protocol.
Encryption
The data encryption algorithm that the session is using.
None = no data encryption.
DES-40 = Data Encryption Standard algorithm with a 56-bit key, 40 bits of which are private.
DES-56 = DES encryption with a 56-bit key.
3DES-168 = Triple-DES encryption with a 168-bit key.
RC4-40 Stateless = RSA RC4 encryption with a 40-bit key, and with keys changed on every packet.
RC4-40 Stateful = RSA RC4 encryption with a 40-bit key, and with keys changed after some number of packets or whenever a packet is lost.
RC4-128 Stateless = RSA RC4 encryption with a 128-bit key, and with keys changed on every packet.
RC4-128 Stateful = RSA RC4 encryption with a 128-bit key, and with keys changed after some number of packets or whenever a packet is lost.
AES-128 = Advanced Encryption Standard (AES) encryption with a 128-bit key.
AES-192 = AES encryption with a 192-bit key.
AES-256 = AES encryption with a 256-bit key.
Login Time
The date and time that this session logged in: MM/DD/YYYY HH:MM:SS. Time is in 24-hour notation.
Duration
The total amount of time that this session has been connected: HH:MM:SS.
Monitoring | Sessions | Top Ten Lists | Throughput
This screen shows statistics for the top 10 currently active VPN Concentrator sessions, sorted by average throughput (bytes/sec).
Figure 14-9 Monitoring | Sessions | Top Ten Lists | Throughput Screen
Refresh
To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.
Group
Choose a group from the menu to show session statistics for that group only. The default value is --All--, which displays session statistics for all groups.
Username
The login username for the session.
Group
The user's group.
IP Address
The IP address of the session user. This is the address assigned to or supplied by a remote user, or the host address of a networked user. Local identifies the console directly connected to the VPN Concentrator.
Protocol
The protocol that the session is using:
Console = Directly connected console; no protocol.
Debug/Console = Debugging via console (for Cisco use only).
Debug/Telnet = Debugging via Telnet (for Cisco use only).
FTP = File Transfer Protocol.
HTTP = Hypertext Transfer Protocol (web browser).
IPSec = Internet Protocol Security tunneling protocol (remote-access user).
IPSec/LAN-to-LAN = IPSec LAN-to-LAN connection.
IPSec/NAT = IPSec through NAT (Network Address Translation).
L2TP = Layer 2 Tunneling Protocol.
L2TP/IPSec = L2TP over IPSec.
Other = Protocol other than those listed here.
PPTP = Point-to-Point Tunneling Protocol.
SNMP = Simple Network Management Protocol.
Telnet = Terminal emulation protocol.
TFTP = Trivial File Transfer Protocol.
Encryption
The data encryption algorithm that the session is using.
None = No data encryption.
DES-40 = Data Encryption Standard algorithm with a 56-bit key, 40 bits of which are private.
DES-56 = DES encryption with a 56-bit key.
3DES-168 = Triple-DES encryption with a 168-bit key.
RC4-40 Stateless = RSA RC4 encryption with a 40-bit key, and with keys changed on every packet.
RC4-40 Stateful = RSA RC4 encryption with a 40-bit key, and with keys changed after some number of packets or whenever a packet is lost.
RC4-128 Stateless = RSA RC4 encryption with a 128-bit key, and with keys changed on every packet.
RC4-128 Stateful = RSA RC4 encryption with a 128-bit key, and with keys changed after some number of packets or whenever a packet is lost.
AES-128 = Advanced Encryption Standard (AES) encryption with a 128-bit key.
AES-192 = AES encryption with a 192-bit key.
AES-256 = AES encryption with a 256-bit key.
Login Time
The date and time that this session logged in: MM/DD/YYYY HH:MM:SS. Time is in 24-hour notation.
Avg. Throughput (bytes/sec)
The average throughput of the session, which is [total bytes transmitted and received] divided by total connect time. N/A = the session is not passing data, in other words, it is an administrator session.
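An added example (not part of the original Cisco documentation): the three Top Ten rankings described above, recomputed in Python from session rows, including the Group filter and the N/A cases. The CSV layout, column names, the `kind` field and the sample rows are assumptions constructed for illustration; the throughput formula and the N/A rule for administrator sessions follow the definitions on this page.

```python
import csv
import io

# Constructed sample rows, not device output. The column names and the
# "kind" field (remote / lan-to-lan / management) are assumptions.
SAMPLE_CSV = """\
username,group,kind,protocol,encryption,duration,bytes_tx,bytes_rx
alice,Engineering,remote,IPSec,3DES-168,01:00:00,3600000,3600000
bob,Engineering,remote,PPTP,RC4-40 Stateless,00:10:00,600000,0
carol,Sales,remote,L2TP/IPSec,AES-128,10:00:00,27000000,27000000
branch-office,Sales,lan-to-lan,IPSec/LAN-to-LAN,AES-256,100:00:00,900000000,900000000
admin,Administrators,management,HTTP,3DES-168,00:30:00,0,0
dave,Sales,remote,IPSec,DES-56,00:00:00,0,0
"""

ALL_GROUPS = "--All--"  # default value of the Group menu on these screens


def parse_duration(text):
    """Convert an HH:MM:SS duration to seconds. HH is not capped at 23,
    because a long-lived tunnel can be connected for days."""
    parts = text.strip().split(":")
    if len(parts) != 3:
        raise ValueError(f"expected HH:MM:SS, got {text!r}")
    hours, minutes, seconds = (int(p) for p in parts)
    if hours < 0 or not 0 <= minutes < 60 or not 0 <= seconds < 60:
        raise ValueError(f"duration out of range: {text!r}")
    return hours * 3600 + minutes * 60 + seconds


def load_sessions(text, group=ALL_GROUPS):
    """Parse rows and derive total bytes and average throughput.
    None stands for the N/A shown for administrator sessions."""
    sessions = []
    for row in csv.DictReader(io.StringIO(text)):
        if group != ALL_GROUPS and row["group"] != group:
            continue
        seconds = parse_duration(row["duration"])
        passes_data = row["kind"] != "management"
        total = int(row["bytes_tx"]) + int(row["bytes_rx"]) if passes_data else None
        # Assumption: a session with zero elapsed time has no defined
        # average yet, so it is treated like N/A instead of dividing by 0.
        throughput = total / seconds if passes_data and seconds > 0 else None
        sessions.append({
            "username": row["username"],
            "group": row["group"],
            "protocol": row["protocol"],
            "encryption": row["encryption"],
            "seconds": seconds,
            "total_bytes": total,
            "throughput": throughput,
        })
    return sessions


def top_ten(sessions, key, n=10):
    """Rank sessions by 'total_bytes', 'seconds' or 'throughput',
    highest first, leaving out sessions where the value is N/A."""
    ranked = [s for s in sessions if s[key] is not None]
    ranked.sort(key=lambda s: s[key], reverse=True)
    return ranked[:n]


if __name__ == "__main__":
    everyone = load_sessions(SAMPLE_CSV)
    for key in ("total_bytes", "seconds", "throughput"):
        print(key)
        for s in top_ten(everyone, key):
            print(f"  {s['username']:<14} {s['protocol']:<17} {s[key]}")
```

Sorting the same rows three ways shows why the screens differ: the administrator session appears in the duration ranking but not in the data or throughput rankings, where its value is N/A.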