4 Replies Latest reply on Oct 7, 2019 2:43 PM by dmel

    Where does NCM pull VPN tunnel info from?


      I have just noticed that on one (I haven't investigated other yet) of our ASA nodes that NCM shows us to have 6 Site-to-site VPN tunnels, 5 of which show down status.


      Our issue here is, there is only one configured site to site tunnel on this ASA. Where is NCM picking up the other 5 that don't exist?

        • Re: Where does NCM pull VPN tunnel info from?

          I think this question should be in the NPM section and NCM does not provide this info. But could the other 5 tunnels just be old ones that have been deleted over time?


          Do they show as down - red? or are they just unreachable - grey?

            • Re: Where does NCM pull VPN tunnel info from?

              I think I might have found my answer.


              These specific tunnels never existed on this ASA at all. However, it appears that something was attempting to MAKE a S2S VPN connection using several different IPs in series when I happened to notice this in Orion.

              Looking this morning and I only see the 1 S2S VPN that SHOULD be there, and not the others that I saw last week.


              I will keep an eye open to see if this is a common occurrence across all our firewalls.



              EDIT: I checked our office firewall after I replied and I see 23 VPN tunnels all in DOWN state because of PHASE 1 failure. We have never had more than 5 S2S VPN tunnels setup on this firewall. Further evidence that these tunnels are being added to the profile simply because they show up as attempts in the firewall log?!?!?

              • Re: Where does NCM pull VPN tunnel info from?

                These are/were showing as red.


                If you have seen my recent posts, this is basically a fresh install of Orion. Manually added all of our firewalls to this install. There is no reason for any residual tunnels to be showing. In fact one of the firewalls we have only ever had 2 tunnels configured at all, and these that show down, were never on the firewall.