I think the closest you'll get to that data is Network Wide>Clients and Network Wide>Traffic Analytics. But I do not believe there is an equivalent to that command. What type of data are you wanting to get?
We have an M84 <--> ASA5512X VPN that keeps going down. It's been happening for a year now, and I cannot figure it out.
I was wondering if we are exceeding the number of connections that the firewalls support. I don't know what happens when you do, but I am at my wits' end.
I see that there are other people with the same issue (https://community.meraki.com/t5/Security-SD-WAN/VPN-stops-passing-traffic-between-Meraki-Security-Ap...).
Have you looked through Network Wide>Event Log and changed it to the security appliance and then filtered for the VPN related event types to see if there are any clues in there?
I have a little, and Meraki support did, but to be honest I haven't in a few months. I didn't see anything that leaps out at me the last time I looked. You're right, I should keep an eye on it.
Let me note that the tunnel stays up for anywhere from 1 hour to 1 month before it goes down.
I see lots of these - and was told that the ASA is misconfigured. But how can that be if the tunnel comes up and stays up?
|Sep 6 14:24:19||Non-Meraki / Client VPN negotiation||msg: notification NO-PROPOSAL-CHOSEN received in informational exchange.|
|Sep 6 14:02:44||Non-Meraki / Client VPN negotiation||msg: 18.104.22.168 give up to get IPsec-SA due to time up to wait.|
It can come up but be unreliable if things like the Phase 1, Phase 2 lifetimes don't match etc. Have you checked all of those things to verify they match on both sides?
As far as I can see everything is set to 86400. On Meraki it definitely is. On my ASA all my IKE policies are 86400, IPsec IKEv2 has the following:
Based on the events you provided from the Meraki side - it seems that the ASA is choosing not to respond to some event. You will need to look at the ASA log when the issue is happening to see why it is not happy.
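Added example, not posted by anyone in this thread: one way to check whether the negotiation failures in an exported event log line up with the 86400-second lifetime mentioned above. A gap between failures close to a multiple of the lifetime suggests the drop coincides with a rekey. The sample rows, the peer address, the year and the function names are constructed for illustration; the row layout copies the double-pipe rows quoted in the thread.

```python
import re
from datetime import datetime

# One event row: |timestamp||event type||msg: text|
ROW = re.compile(r"^\|(?P<ts>[^|]+)\|\|(?P<etype>[^|]+)\|\|msg: (?P<msg>.*)\|$")

# Failure signatures quoted in the thread's event log excerpts.
SIGNATURES = {
    "no_proposal": re.compile(r"NO-PROPOSAL-CHOSEN"),
    "sa_timeout": re.compile(r"give up to get IPsec-SA"),
}

# Constructed sample rows (documentation-range peer address, not real data).
SAMPLE = """\
|Sep 5 14:02:40||Non-Meraki / Client VPN negotiation||msg: 203.0.113.10 give up to get IPsec-SA due to time up to wait.|
|Sep 6 14:02:44||Non-Meraki / Client VPN negotiation||msg: 203.0.113.10 give up to get IPsec-SA due to time up to wait.|
|Sep 6 14:24:19||Non-Meraki / Client VPN negotiation||msg: notification NO-PROPOSAL-CHOSEN received in informational exchange.|
|Sep 6 15:10:02||Non-Meraki / Client VPN negotiation||msg: IPsec-SA established|
"""

def parse_rows(text, year):
    """Return sorted (timestamp, failure_kind or None, message) tuples."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip anything that is not an event row
        # The log has no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m['ts'].strip()}", "%Y %b %d %H:%M:%S")
        kind = next((k for k, rx in SIGNATURES.items() if rx.search(m["msg"])), None)
        rows.append((ts, kind, m["msg"]))
    return sorted(rows, key=lambda r: r[0])

def failure_gaps(rows, lifetime=86400, tolerance=300):
    """Gaps between successive failures; flag gaps near a lifetime multiple."""
    fails = [r for r in rows if r[1]]
    out = []
    for prev, cur in zip(fails, fails[1:]):
        gap = int((cur[0] - prev[0]).total_seconds())
        off = gap % lifetime
        near = gap >= lifetime - tolerance and min(off, lifetime - off) <= tolerance
        out.append((cur[0].isoformat(sep=" "), cur[1], gap, near))
    return out

if __name__ == "__main__":
    for entry in failure_gaps(parse_rows(SAMPLE, 2023)):
        print(entry)
```

Run the same gap check against the ASA's log for the same time window to see which side stopped answering at each flagged timestamp.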