cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 13

Remote Access VPN Tunnels - Sessions User Data Question for ASA Insight

I am noticing some potential weirdness with the data found in the ASA Insight data for Remote Access VPN Tunnels sessions.  For example, I'm noticing some users who are showing as connected for months and months and months.  That just isn't possible.  Most of our users work in the office a few days (where they wouldn't connect to the VPN) and from home other days (where they would connect to the VPN).  So how could they possibly be connected continuously for months.  Even if these users were full time work from home users, there's no way they would be constantly connected day in and day out for months and months and months.  The laptops get shut down and disconnected all the time.  See screenshot below:

pastedImage_0.png

My other issue is that I picked out a random user and contacted him to see if he was currently connected to the VPN.  He said he was, yet when I looked him up in the sessions table, it said he was currently disconnected and that he had last connected for less than 20 minutes that morning.  Also, it seems to display time data in UTC time because, for example, it said the user I contacted was connected from 12:06pm to 12:25pm.   It was 11:20am when I checked...  He did say he logged in at around 7am EST that morning, which would be 12pm UTC time.  Why is the data in the table not automatically mapped to the browsers local time like nearly every other widget in Orion?   See screenshot below:

pastedImage_1.png

Is anyone else seeing inaccurate data like this for user sessions?  The Firewall team is requesting some reports based on connection data in SolarWinds, but I don't want to spend a bunch of time creating this report if the data in it won't be accurate.

Labels (3)
0 Kudos
5 Replies
Level 7

I am seeing the exact same issue here. Any progress?

0 Kudos

I'm seeing some strange numbers here as well. Not for all ASA devices. But I think NPM is bringing back the data from the device where the number are being held. But it would be nice to know which calculation is used or how these numbers are gathered. 

 

Device showing 29K connections from the platform Subview

Connections in Use.jpg

The stats in the VPN Remote Access SubView shows only 1,483

 

Connected.jpg

0 Kudos

Also having a lot of issues with this type of report currently. We have users missing that know they were connected, etc. 

All data drops when we hit around 3-4k active users. 

With all the users working from home, we REALLY need this type of data to work, and any help would be appreciated. 

We're having to go to another tool at this point. I'll have a really hard time justifying spend on this tool going forward if this isn't working. It's highly visible at this point.

 

I fixed my issues by deleting the problem ASA's and then re-adding the devices. The VPN Remote Access stats came back straight away and working well now. 

0 Kudos

I tried this with one, and it looks like it's stopped polling for CLI entirely now. No ASA Remote Access stats at all now for that device

Did you bounce services afterwards ?

0 Kudos