• State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 39 subscribers
  • Views 1758 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Remote Access VPN Tunnels - Sessions User Data Question for ASA Insight

xtraspecialj

I am noticing some potential weirdness with the data found in the ASA Insight data for Remote Access VPN Tunnels sessions.  For example, I'm noticing some users who are showing as connected for months and months and months.  That just isn't possible.  Most of our users work in the office a few days (where they wouldn't connect to the VPN) and from home other days (where they would connect to the VPN).  So how could they possibly be connected continuously for months.  Even if these users were full time work from home users, there's no way they would be constantly connected day in and day out for months and months and months.  The laptops get shut down and disconnected all the time.  See screenshot below:

pastedImage_0.png

My other issue is that I picked out a random user and contacted him to see if he was currently connected to the VPN.  He said he was, yet when I looked him up in the sessions table, it said he was currently disconnected and that he had last connected for less than 20 minutes that morning.  Also, it seems to display time data in UTC time because, for example, it said the user I contacted was connected from 12:06pm to 12:25pm.   It was 11:20am when I checked...  He did say he logged in at around 7am EST that morning, which would be 12pm UTC time.  Why is the data in the table not automatically mapped to the browsers local time like nearly every other widget in Orion?   See screenshot below:

pastedImage_1.png

Is anyone else seeing inaccurate data like this for user sessions?  The Firewall team is requesting some reports based on connection data in SolarWinds, but I don't want to spend a bunch of time creating this report if the data in it won't be accurate.

  • 0

    I am seeing the exact same issue here. Any progress?

  • 0 in reply to linuxsurfer

    I'm seeing some strange numbers here as well. Not for all ASA devices. But I think NPM is bringing back the data from the device where the number are being held. But it would be nice to know which calculation is used or how these numbers are gathered. 

    Device showing 29K connections from the platform Subview

    Connections in Use.jpg

    The stats in the VPN Remote Access SubView shows only 1,483

    Connected.jpg

  • 0 in reply to rocco_2016

    Also having a lot of issues with this type of report currently. We have users missing that know they were connected, etc. 

    All data drops when we hit around 3-4k active users. 

    With all the users working from home, we REALLY need this type of data to work, and any help would be appreciated. 

    We're having to go to another tool at this point. I'll have a really hard time justifying spend on this tool going forward if this isn't working. It's highly visible at this point.

  • 0 in reply to throwawayStat

    I fixed my issues by deleting the problem ASA's and then re-adding the devices. The VPN Remote Access stats came back straight away and working well now. 

  • 0 in reply to rocco_2016

    I tried this with one, and it looks like it's stopped polling for CLI entirely now. No ASA Remote Access stats at all now for that device

    Did you bounce services afterwards ?

  • 0 in reply to rocco_2016

    I was searching for something similar and ran across this post.  The number of connected Remote Access clients is not the same thing as the "Connections in use" chart that is shown in the red box above.  If you run the 'show conn' command on the ASA, that number is what is being displayed - its the total number of TCP and UDP connections open on the ASA.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.