Table Of Contents

show aaa kerberos through show asdm sessions Commands

show aaa kerberos

show aaa local user

show aaa-server

show access-list

show activation-key

show ad-groups

show admin-context

show arp

show arp-inspection

show arp statistics

show asdm history

show asdm image

show asdm log_sessions

show asdm sessions

show aaa kerberos through show asdm sessions Commands

---

show aaa kerberos

To display all the Kerberos tickets cached on the ASA, use the show aaa kerberos command in webvpn configuration mode.

show aaa kerberos [username user | host ip | hostname]

Syntax Description

host	Specifies the specific host that you want to view.
hostname	Specifies the hostname.
ip	Specifies the IP address for the host.
username	Specifies the specific user that you want to view.

Defaults

No defaults exist for this command.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Webvpn configuration	•	—	•	—	—

Command History

Release	Modification
8.4(1)	This command was introduced.

Usage Guidelines

Use the show aaa kerberos command in webvpn configuration mode to view all the Kerberos tickets cached on the ASA. The username and host keywords are used to view the Kerberos tickets of a specific user or host.

Examples

The following example shows the usage of the show aaa kerberos command:

hostname(config)# show aaa kerberos

Default Principal 						Valid Starting 				Expires 				Service Principal 
kcduser@example.com 						06/29/10 17:33:00 				06/30/10 17:33:00 				asa$/mycompany.com@example.com 
kcduser@example.com 						06/29/10 17:33:00 				06/30/10 17:33:00				
http/owa.mycompany.com@example.com 

Related Commands

Command	Description
clear aaa kerberos	Clears all the Kerberos tickets cached on the ASA.
clear configure aaa-server	Removes all AAA command statements from the configuration.
show running-config aaa-server	Displays AAA server statistics for all AAA servers, for a particular server group, for a particular server within a particular group, or for a particular protocol.

show aaa local user

To show the list of usernames that are currently locked, or to show details about the username, use the show aaa local user command in global configuration mode.

show aaa local user [locked]

Syntax Description

locked

(Optional) Shows the list of usernames that are currently locked.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

If you omit the optional keyword locked, the ASA displays the failed-attempts and lockout status details for all AAA local users.

You can specify a single user by using the username option or all users with the all option.

This command affects only the status of users that are locked out.

The administrator cannot be locked out of the device.

Examples

The following example shows use of the show aaa local user command to display the lockout status of all usernames:

This example shows the use of the show aaa local user command to display the number of failed authentication attempts and lockout status details for all AAA local users, after the limit has been set to 5:

hostname(config)# aaa local authentication attempts max-fail 5

hostname(config)# show aaa local user

Lock-time  Failed-attempts      Locked  User

    -                   6       Y       test

    -                   2       N       mona

    -                   1       N       cisco

    -                   4       N       newuser

hostname(config)# 

This example shows the use of the show aaa local user command with the lockout keyword to display the number of failed authentication attempts and lockout status details only for any locked-out AAA local users, after the limit has been set to 5:

hostname(config)# aaa local authentication attempts max-fail 5

hostname(config)# show aaa local user

Lock-time  Failed-attempts      Locked  User

    -                   6       Y       test

hostname(config)# 

Related Commands

Command	Description
aaa local authentication attempts max-fail	Configures the maximum number of times a user can enter a wrong password before being locked out.
clear aaa local user fail-attempts	Resets the number of failed attempts to 0 without modifying the lockout status.
clear aaa local user lockout	Clears th e lockout status of the specified user or all users and sets their failed attempts counters to 0.

show aaa-server

To display AAA server statistics for AAA servers, use the show aaa-server command in privileged EXEC mode.

show aaa-server [LOCAL | groupname [host hostname] | protocol protocol]

Syntax Description

LOCAL	(Optional) Shows statistics for the LOCAL user database.
groupname	(Optional) Shows statistics for servers in a group.
host hostname	(Optional) Shows statistics for a particular server in the group.
protocol protocol	(Optional) Shows statistics for servers of the following specified protocols: •kerberos •ldap •nt •radius •sdi •tacacs+

Defaults

By default, all AAA server statistics display.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.1(1)	The http-form protocol was added.
8.0(2)	The server status shows if the status was changed manually using the aaa-server active command or fail command.

Examples

The following is sample output from the show aaa-server command:

hostname(config)# show aaa-server group1 host 192.68.125.60

Server Group:  group1

Server Protocol: RADIUS

Server Address:  192.68.125.60

Server port:  1645

Server status: ACTIVE. Last transaction (success) at 11:10:08 UTC  Fri Aug 22

Number of pending requests        20

Average round trip time           4ms

Number of authentication requests 20

Number of authorization requests  0

Number of accounting requests     0

Number of retransmissions         1

Number of accepts                 16

Number of rejects                 4

Number of challenges              5

Number of malformed responses     0

Number of bad authenticators      0

Number of timeouts                0

Number of unrecognized responses  0

The following table shows field descriptions for the show aaa-server command:

Field	Description
Server Group	The server group name specified by the aaa-server command.
Server Protocol	The server protocol for the server group specified by the aaa-server command.
Server Address	The IP address of the AAA server.
Server port	The communication port used by the ASA and the AAA server. You can specify the RADIUS authentication port using the authentication-port command. You can specify the RADIUS accounting port using the accounting-port command. For non-RADIUS servers, the port is set by the server-port command.
Server status	The status of the server. One of the following values appears: •ACTIVE—The ASA will communicate with this AAA server. •FAILED—The ASA cannot communicate with the AAA server. Servers that are put into this state remain there for some period of time, depending on the policy configured, and are then reactivated. If the status is followed by "(admin initiated)," then the server was manually failed or reactivated using the aaa-server active command or fail command. The date and time of the last transaction appear in the following form: Last transaction ({success | failure}) at time timezone date If the ASA has never communicated with the server, the message shows as the following: Last transaction at Unknown
Number of pending requests	The number of requests that are still in progress.
Average round trip time	The average time that it takes to complete a transaction with the server.
Number of authentication requests	The number of authentication requests sent by the ASA. This value does not include retransmissions after a timeout.
Number of authorization requests	The number of authorization requests. This value refers to authorization requests due to command authorization, authorization for through-the-box traffic (for TACACS+ servers), or for WebVPN and IPsec authorization functionality enabled for a tunnel group. This value does not include retransmissions after a timeout.
Number of accounting requests	The number of accounting requests. This value does not include retransmissions after a timeout.
Number of retransmissions	The number of times a message was retransmitted after an internal timeout. This value applies only to Kerberos and RADIUS servers (UDP).
Number of accepts	The number of successful authentication requests.
Number of rejects	The number of rejected requests. This value includes error conditions as well as true credential rejections from the AAA server.
Number of challenges	The number of times the AAA server required additional information from the user after receiving the initial username and password information.
Number of malformed responses	N/A. Reserved for future use.
Number of bad authenticators	The number of times that one of the following occurs: •The "authenticator" string in the RADIUS packet is corrupted (rare). •The shared secret key on the ASA does not match the one on the RADIUS server. To fix this problem, enter the correct server key. This value only applies to RADIUS.
Number of timeouts	The number of times the ASA has detected that a AAA server is not responsive or otherwise misbehaving and has declared it offline.
Number of unrecognized responses	The number of times that the ASA received a response from the AAA server that it could not recognize or support. For example, the RADIUS packet code from the server was an unknown type, something other than the known "access-accept," "access-reject," "access-challenge," or "accounting-response" types. Typically, this means that the RADIUS response packet from the server was corrupted, which is rare.

Related Commands

Command	Description
show running-config aaa-server	Displays statistics for all servers in the indicated server group or for a particular server.
clear aaa-server statistics	Clears the AAA server statistics.

show access-list

To display the hit counters and a timestamp value for an access list, use the show access-list command in privileged EXEC mode.

show access-list id_1 [...[id_2]] [brief]

Syntax Description

brief	(Optional) Displays the access list identifiers, the hit count, and the timestamp of the last rule hit, all in hexadecimal format.
id_1	A name or set of characters that identifies an existing access list.
id_2	(Optional) A name or set of characters that identifies an existing access list.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
8.0(2)	Support for the brief keyword was introduced.
8.3(1)	Modified ACE show pattern to display ACL timestamp.

Usage Guidelines

You can display multiple access lists at one time by entering the access list identifiers in one command.

You can specify the brief keyword to display access list hit count, identifiers, and timestamp information in hexadecimal format. The configuration identifiers displayed in hexadecimal format are presented in three columns, and they are the same identifiers used in syslogs 106023 and 106100.

Clustering Guidelines

When using ASA clustering, if traffic is received by a single unit, the other units may still show a hit count for the ACL due to the clustering director logic. This is an expected behavior. Because the unit that did not receive any packets directly from the client may receive forwarded packets over the cluster control link for an owner request, the unit may check the ACL before sending the packet back to the receiving unit. As a result, the ACL hit count will be increased even though the unit did not pass the traffic.

Examples

The following examples show brief information about the specified access policy in hexadecimal format (ACEs in which the hitcount is not zero). The first two columns display identifiers in hexadecimal format, the third column lists the hit count, and the fourth column displays the timestamp value, also in hexadecimal format. The hit count value represents the number of times the rule has been hit by traffic. The timestamp value reports the time of the last hit. If the hit count is zero, no information is displayed.

The following is sample output from the show access-list command and shows the access list name "test," which is applied on an outside interface in the "IN" direction:

hostname# show access-list test 

access-list test; 3 elements; name hash: 0xcb4257a3

access-list test line 1 extended permit icmp any any (hitcnt=0) 0xb422e9c2

access-list test line 2 extended permit object-group TELNET-SSH object-group S1 
object-group D1 0x44ae5901

  access-list test line 2 extended permit tcp 100.100.100.0 255.255.255.0 10.10.10.0 
255.255.255.0 eq telnet (hitcnt=1) 0xca10ca21

  access-list test line 2 extended permit tcp 100.100.100.0 255.255.255.0 10.10.10.0 
255.255.255.0 eq ssh(hitcnt=1) 0x5b704158

The following is sample output from the show access-list command when object-group-search group is not enabled:

hostname# show access-list KH-BLK-Tunnel

access-list KH-BLK-Tunnel; 9 elements

access-list KH-BLK-Tunnel line 1 extended permit ip object-group KH-LAN object-group 
BLK-LAN 0x724c956b

   access-list KH-BLK-Tunnel line 1 extended permit ip 192.168.97.0 255.255.255.0 
192.168.4.0 255.255.255.0 (hitcnt=10) 0x30fe29a6

   access-list KH-BLK-Tunnel line 1 extended permit ip 13.13.13.0 255.255.255.0 
192.168.4.0 255.255.255.0 (hitcnt=4) 0xc6ef2338

   access-list KH-BLK-Tunnel line 1 extended permit ip 192.168.97.0 255.255.255.0 
14.14.14.0 255.255.255.0 (hitcnt=2) 0xce8596ec

   access-list KH-BLK-Tunnel line 1 extended permit ip 13.13.13.0 255.255.255.0 14.14.14.0 
255.255.255.0 (hitcnt=0) 0x9a2f1c4d

access-list KH-BLK-Tunnel line 2 extended permit ospf interface pppoe1 host 87.139.87.200 
(hitcnt=0) 0xb62d5832

access-list KH-BLK-Tunnel line 3 extended permit ip interface pppoe1 any (hitcnt=0) 
0xa2c9ed34

access-list KH-BLK-Tunnel line 4 extended permit ip host 1.1.1.1 any (hitcnt=0) 0xd06f7e6b

access-list KH-BLK-Tunnel line 5 extended deny ip 1.1.0.0 255.255.0.0 any (hitcnt=0) 
0x9d979934

access-list KH-BLK-Tunnel line 6 extended permit ip 1.1.1.0 255.255.255.0 any (hitcnt=0) 
0xa52a0761

The following is sample output from the show access-list command when object-group-search group is enabled:

hostname# show access-list KH-BLK-Tunnel

access-list KH-BLK-Tunnel; 6 elements

access-list KH-BLK-Tunnel line 1 extended permit ip object-group KH-LAN(1) object-group 
BLK-LAN(2)(hitcount=16) 0x724c956b

access-list KH-BLK-Tunnel line 2 extended permit ospf interface pppoe1 host 87.139.87.200 
(hitcnt=0) 0xb62d5832

access-list KH-BLK-Tunnel line 3 extended permit ip interface pppoe1 any (hitcnt=0) 
0xa2c9ed34

access-list KH-BLK-Tunnel line 4 extended permit ip host 1.1.1.1 any (hitcnt=0) 0xd06f7e6b

access-list KH-BLK-Tunnel line 5 extended deny ip 1.1.0.0 255.255.0.0 any (hitcnt=0) 
0x9d979934

access-list KH-BLK-Tunnel line 6 extended permit ip 1.1.1.0 255.255.255.0 any (hitcnt=0) 
0xa52a0761

The following is sample output from the show access-list brief command when Telnet traffic is passed:

hostname (config)# sh access-list test brief

access-list test; 3 elements; name hash: 0xcb4257a3

ca10ca21 44ae5901 00000001 4a68aa7e

The following is sample output from the show access-list brief command when SSH traffic is passed:

hostname (config)# sh access-list test brief

access-list test; 3 elements; name hash: 0xcb4257a3

ca10ca21 44ae5901 00000001 4a68aa7e

5b704158 44ae5901 00000001 4a68aaa9

The following is sample output from the show access-list command and shows the access list name "test," which is applied on an outside interface in the "IN" direction, with ACL Optimization enabled:

hostname# show access-list test

access-list test; 3 elements; name hash: 0xcb4257a3

access-list test line 1 extended permit icmp any any (hitcnt=0) 0xb422e9c2

access-list test line 2 extended permit object-group TELNET-SSH object-group S1 
object-group D1 0x44ae5901

  access-list test line 2 extended permit tcp object-group S1(1) object-group D1(2) eq 
telnet (hitcnt=1) 0x7b1c1660

  access-list test line 2 extended permit tcp object-group S1(1) object-group D1(2) eq ssh 
(hitcnt=1) 0x3666f922

The following is sample output from the show access-list brief command when Telnet traffic is passed:

hostname (config)# sh access-list test brief

access-list test; 3 elements; name hash: 0xcb4257a3

7b1c1660 44ae5901 00000001 4a68ab51

The following is sample output from the show access-list brief command when SSH traffic is passed:

hostname (config)# sh access-list test brief

access-list test; 3 elements; name hash: 0xcb4257a3

7b1c1660 44ae5901 00000001 4a68ab51

3666f922 44ae5901 00000001 4a68ab66

Related Commands

Command	Description
access-list ethertype	Configures an access list that controls traffic based on its EtherType.
access-list extended	Adds an access list to the configuration and configures policy for IP traffic through the firewall.
clear access-list	Clears an access list counter.
clear configure access-list	Clears an access list from the running configuration.
show running-config access-list	Displays the current running access-list configuration.

show activation-key

To display the permanent license, active time-based licenses, and the running license, which is a combination of the permanent license and active time-based licenses. use the show activation-key command in privileged EXEC mode. For failover units, this command also shows the "Failover cluster" license, which is the combined keys of the primary and secondary units.

show activation-key [detail]

Syntax Description

detail

Shows inactive time-based licenses.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command.

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.
8.0(4)	The detail keyword was added.
8.2(1)	The output was modified to include additional licensing information.
8.3(1)	The output now includes whether a feature uses the permanent or time-based key, as well as the duration of the time-based key in use. It also shows all installed time-based keys, both active and inactive.
8.4(1)	Support for No Payload Encryption models.

Usage Guidelines

Some permanent licenses require you to reload the ASA after you activate them. Table 44-1 lists the licenses that require reloading.

Table 44-1 Permanent License Reloading Requirements

Model	License Action Requiring Reload
ASA 5505 and ASA 5510	Changing between the Base and Security Plus license.
All models	Changing the Encryption license.
All models	Downgrading any permanent license (for example, going from 10 contexts to 2 contexts).

If you need to reload, then the show activation-key output reads as follows:

The flash activation key is DIFFERENT from the running key.

The flash activation key takes effect after the next reload. 

If you have a No Payload Encryption model, then when you view the license, VPN and Unified Communications licenses will not be listed.

Examples

Example 44-1 Standalone Unit Output for show activation-key

The following is sample output from the show activation-key command for a standalone unit that shows the running license (the combined permanent license and time-based licenses), as well as each active time-based license:

hostname# show activation-key

Serial Number:  JMX1232L11M

Running Permanent Activation Key: 0xce06dc6b 0x8a7b5ab7 0xa1e21dd4 0xd2c4b8b8 0xc4594f9c 

Running Timebased Activation Key: 0xa821d549 0x35725fe4 0xc918b97b 0xce0b987b 0x47c7c285 

Running Timebased Activation Key: 0xyadayad2 0xyadayad2 0xyadayad2 0xyadayad2 0xyadayad2

Licensed features for this platform:

Maximum Physical Interfaces  : Unlimited  perpetual

Maximum VLANs                : 50         perpetual

Inside Hosts                 : Unlimited  perpetual

Failover                     : Disabled   perpetual

VPN-DES                      : Enabled    perpetual

VPN-3DES-AES                 : Enabled    perpetual

Security Contexts            : 0          perpetual

GTP/GPRS                     : Disabled   perpetual

SSL VPN Peers                : 2          perpetual

Total VPN Peers              : 250        perpetual

Shared License               : Disabled   perpetual

AnyConnect for Mobile        : Disabled   perpetual

AnyConnect for Linksys phone : Disabled   perpetual

AnyConnect Essentials        : Enabled    perpetual

Advanced Endpoint Assessment : Disabled   perpetual

UC Phone Proxy Sessions      : 12         62 days

Total UC Proxy Sessions      : 12         62 days

Botnet Traffic Filter        : Enabled    646 days

This platform has a Base license.

The flash permanent activation key is the SAME as the running permanent key.

Active Timebased Activation Key:

0xa821d549 0x35725fe4 0xc918b97b 0xce0b987b 0x47c7c285

Botnet Traffic Filter        : Enabled    646 days

0xyadayad2 0xyadayad2 0xyadayad2 0xyadayad2 0xyadayad2

Total UC Proxy Sessions      : 10         62 days

Example 44-2 Standalone Unit Output for show activation-key detail

The following is sample output from the show activation-key detail command for a standalone unit that shows the running license (the combined permanent license and time-based licenses), as well as the permanent license and each installed time-based license (active and inactive):

hostname# show activation-key detail

Serial Number:  88810093382

Running Permanent Activation Key: 0xce06dc6b 0x8a7b5ab7 0xa1e21dd4 0xd2c4b8b8 0xc4594f9c 

Running Timebased Activation Key: 0xa821d549 0x35725fe4 0xc918b97b 0xce0b987b 0x47c7c285 

Licensed features for this platform:

Maximum Physical Interfaces    : 8              perpetual

VLANs                          : 20             DMZ Unrestricted

Dual ISPs                      : Enabled        perpetual

VLAN Trunk Ports               : 8              perpetual

Inside Hosts                   : Unlimited      perpetual

Failover                       : Active/Standby perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Enabled        perpetual

SSL VPN Peers                  : 2              perpetual

Total VPN Peers                : 25             perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

UC Phone Proxy Sessions        : 2              perpetual

Total UC Proxy Sessions        : 2              perpetual

Botnet Traffic Filter          : Enabled        39 days

Intercompany Media Engine      : Disabled       perpetual

This platform has an ASA 5505 Security Plus license.

Running Permanent Activation Key: 0xce06dc6b 0x8a7b5ab7 0xa1e21dd4 0xd2c4b8b8 0xc4594f9c

Licensed features for this platform:

Maximum Physical Interfaces    : 8              perpetual

VLANs                          : 20             DMZ Unrestricted

Dual ISPs                      : Enabled        perpetual

VLAN Trunk Ports               : 8              perpetual

Inside Hosts                   : Unlimited      perpetual

Failover                       : Active/Standby perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Enabled        perpetual

SSL VPN Peers                  : 2              perpetual

Total VPN Peers                : 25             perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

UC Phone Proxy Sessions        : 2              perpetual

Total UC Proxy Sessions        : 2              perpetual

Botnet Traffic Filter          : Disabled       perpetual

Intercompany Media Engine      : Disabled       perpetual

The flash permanent activation key is the SAME as the running permanent key.

Active Timebased Activation Key:

0xa821d549 0x35725fe4 0xc918b97b 0xce0b987b 0x47c7c285 

Botnet Traffic Filter           : Enabled    39 days

Inactive Timebased Activation Key:

0xyadayada3 0xyadayada3 0xyadayada3 0xyadayada3 0xyadayada3 

SSL VPN Peers                   : 100        7 days

Example 44-3 Primary Unit Output in a Failover Pair for show activation-key detail

The following is sample output from the show activation-key detail command for the primary failover unit that shows:

•The primary unit license (the combined permanent license and time-based licenses).

•The "Failover Cluster" license, which is the combined licenses from the primary and secondary units. This is the license that is actually running on the ASA. The values in this license that reflect the combination of the primary and secondary licenses are in bold.

•The primary unit permanent license.

•The primary unit installed time-based licenses (active and inactive).

hostname# show activation-key detail

Serial Number:  P3000000171

Running Permanent Activation Key: 0xce06dc6b 0x8a7b5ab7 0xa1e21dd4 0xd2c4b8b8 0xc4594f9c 

Running Timebased Activation Key: 0xa821d549 0x35725fe4 0xc918b97b 0xce0b987b 0x47c7c285 

Licensed features for this platform:

Maximum Physical Interfaces    : Unlimited      perpetual

Maximum VLANs                  : 150            perpetual

Inside Hosts                   : Unlimited      perpetual

Failover                       : Active/Active  perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Enabled        perpetual

Security Contexts              : 10             perpetual

GTP/GPRS                       : Enabled        perpetual

SSL VPN Peers                  : 2              perpetual

Total VPN Peers                : 750            perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

UC Phone Proxy Sessions        : 2              perpetual

Total UC Proxy Sessions        : 2              perpetual

Botnet Traffic Filter          : Enabled        33 days

Intercompany Media Engine      : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Failover cluster licensed features for this platform:

Maximum Physical Interfaces    : Unlimited      perpetual

Maximum VLANs                  : 150            perpetual

Inside Hosts                   : Unlimited      perpetual

Failover                       : Active/Active  perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Enabled        perpetual

Security Contexts              : 10             perpetual

GTP/GPRS                       : Enabled        perpetual

SSL VPN Peers                  : 4              perpetual

Total VPN Peers                : 750            perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual Advanced Endpoint Assessment   : 
Disabled       perpetual

UC Phone Proxy Sessions        : 4              perpetual

Total UC Proxy Sessions        : 4              perpetual

Botnet Traffic Filter          : Enabled        33 days

Intercompany Media Engine      : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Running Permanent Activation Key: 0xce06dc6b 0x8a7b5ab7 0xa1e21dd4 0xd2c4b8b8 0xc4594f9c

Licensed features for this platform:

Maximum Physical Interfaces    : Unlimited      perpetual

Maximum VLANs                  : 150            perpetual

Inside Hosts                   : Unlimited      perpetual

Failover                       : Active/Active  perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Disabled       perpetual

Security Contexts              : 2              perpetual

GTP/GPRS                       : Disabled       perpetual

SSL VPN Peers                  : 2              perpetual

Total VPN Peers                : 750            perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual 

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

UC Phone Proxy Sessions        : 2              perpetual

Total UC Proxy Sessions        : 2              perpetual

Botnet Traffic Filter          : Disabled       perpetual

Intercompany Media Engine      : Disabled       perpetual

The flash permanent activation key is the SAME as the running permanent key.

Active Timebased Activation Key:

0xa821d549 0x35725fe4 0xc918b97b 0xce0b987b 0x47c7c285 

Botnet Traffic Filter           : Enabled    33 days

Inactive Timebased Activation Key:

0xyadayad3 0xyadayad3 0xyadayad3 0xyadayad3 0xyadayad3 

Security Contexts               : 2          7 days

SSL VPN Peers                   : 100        7 days

0xyadayad4 0xyadayad4 0xyadayad4 0xyadayad4 0xyadayad4     

Total UC Proxy Sessions         : 100        14 days

Example 44-4 Secondary Unit Output in a Failover Pair for show activation-key detail

The following is sample output from the show activation-key detail command for the secondary failover unit that shows:

•The secondary unit license (the combined permanent license and time-based licenses).

•The "Failover Cluster" license, which is the combined licenses from the primary and secondary units. This is the license that is actually running on the ASA. The values in this license that reflect the combination of the primary and secondary licenses are in bold.

•The secondary unit permanent license.

•The secondary installed time-based licenses (active and inactive). This unit does not have any time-based licenses, so none display in this sample output.

hostname# show activation-key detail

Serial Number:  P3000000011

Running Activation Key: 0xyadayad1 0xyadayad1 0xyadayad1 0xyadayad1 0xyadayad1 

Licensed features for this platform:

Maximum Physical Interfaces    : Unlimited      perpetual

Maximum VLANs                  : 150            perpetual

Inside Hosts                   : Unlimited      perpetual

Failover                       : Active/Active  perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Disabled       perpetual

Security Contexts              : 2              perpetual

GTP/GPRS                       : Disabled       perpetual

SSL VPN Peers                  : 2              perpetual

Total VPN Peers                : 750            perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

UC Phone Proxy Sessions        : 2              perpetual

Total UC Proxy Sessions        : 2              perpetual

Botnet Traffic Filter          : Disabled       perpetual

Intercompany Media Engine      : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Failover cluster licensed features for this platform:

Maximum Physical Interfaces    : Unlimited      perpetual

Maximum VLANs                  : 150            perpetual

Inside Hosts                   : Unlimited      perpetual

Failover                       : Active/Active  perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Enabled        perpetual

Security Contexts              : 10             perpetual

GTP/GPRS                       : Enabled        perpetual

SSL VPN Peers                  : 4              perpetual

Total VPN Peers                : 750            perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

UC Phone Proxy Sessions        : 4              perpetual

Total UC Proxy Sessions        : 4              perpetual

Botnet Traffic Filter          : Enabled        33 days

Intercompany Media Engine      : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Running Permanent Activation Key: 0xyadayad1 0xyadayad1 0xyadayad1 0xyadayad1 0xyadayad1

Licensed features for this platform:

Maximum Physical Interfaces    : Unlimited      perpetual

Maximum VLANs                  : 150            perpetual

Inside Hosts                   : Unlimited      perpetual

Failover                       : Active/Active  perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Disabled       perpetual

Security Contexts              : 2              perpetual

GTP/GPRS                       : Disabled       perpetual

SSL VPN Peers                  : 2              perpetual

Total VPN Peers                : 750            perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

UC Phone Proxy Sessions        : 2              perpetual

Total UC Proxy Sessions        : 2              perpetual

Botnet Traffic Filter          : Disabled       perpetual

Intercompany Media Engine      : Disabled       perpetual

The flash permanent activation key is the SAME as the running permanent key.

Related CommandsSerial Number: JMX1232L11M

Related CommandsRunning Activation Key: 0xyadayad1 0xyadayad1 0xyadayad1 0xyadayad1 0xyadayad1

Related CommandsRunning Activation Key: 0xyadayad2 0xyadayad2 0xyadayad2 0xyadayad2 0xyadayad2

Related Commands

Related CommandsLicensed features for this platform:

Related CommandsMaximum Physical Interfaces : Unlimited perpetual

Related CommandsMaximum VLANs : 50 perpetual

Related CommandsInside Hosts : Unlimited perpetual

Related CommandsFailover : Disabled perpetual

Related CommandsVPN-DES : Enabled perpetual

Related CommandsVPN-3DES-AES : Enabled perpetual

Related CommandsSecurity Contexts : 0 perpetual

Related CommandsGTP/GPRS : Disabled perpetual

Related CommandsSSL VPN Peers : 2 perpetual

Related CommandsTotal VPN Peers : 250 perpetual

Related CommandsShared License : Disabled perpetual

Related CommandsAnyConnect for Mobile : Disabled perpetual

Related CommandsAnyConnect for Linksys phone : Disabled perpetual

Related CommandsAnyConnect Essentials : Enabled perpetual

Related CommandsAdvanced Endpoint Assessment : Disabled perpetual

Related CommandsUC Phone Proxy Sessions : 12 62 days

Related CommandsTotal UC Proxy Sessions : 12 62 days

Related CommandsBotnet Traffic Filter : Enabled 646 days

Related Commands

Related CommandsThis platform has a Base license.

Related Commands

Related CommandsThe flash permanent activation key is the SAME as the running permanent key.

Related Commands

Related CommandsActive Timebased Activation Key:

Related Commands0xyadayad1 0xyadayad1 0xyadayad1 0xyadayad1 0xyadayad1

Related CommandsBotnet Traffic Filter : Enabled 646 days

Related Commands0xyadayad2 0xyadayad2 0xyadayad2 0xyadayad2 0xyadayad2

Related CommandsTotal UC Proxy Sessions : 10 62 days

Related Commands

Related CommandsInactive Timebased Activation Key:

Related Commands0xyadayad3 0xyadayad3 0xyadayad3 0xyadayad3 0xyadayad3

Related CommandsSSL VPN Peers : 100 108 days

Related Commands

Command	Description
activation-key	Changes the activation key.

show ad-groups

To display groups that are listed on an Active Directory server, use the show ad-groups command in privileged EXEC mode:

show ad-groups name [filter string]

Syntax Description

name	The name of the Active Directory server group to query.
string	A string within quotes specifying all or part of the group name to search for.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC mode	•	—	•	—	—

Command History

Release	Modification
8.0(4)	This command was introduced.

Usage Guidelines

The show ad-groups command applies only to Active Directory servers that use the LDAP protocol to retrieve groups. Use this command to display AD groups that you can use for dynamic access policy AAA selection criteria.

When the LDAP attribute type = LDAP, the default time that the ASA waits for a response from the server is 10 seconds. You can adjust this time using the group-search-timeout command in aaa-server host configuration mode.

---

Note If the Active Directory server has a large number of groups, the output of the show ad-groups command may be truncated based on limitations of the amount of data the server can fit into a response packet. To avoid this problem, use the filter option to reduce the number of groups reported by the server.

---

Examples

hostname# show ad-groups LDAP-AD17

Server Group    LDAP-AD17                                                                                                           

Group list retrieved successfully                                                                                                   

Number of Active Directory Groups       46                                                                                          

Account Operators                                                                                                                   

Administrators                                                                                                                      

APP-SSL-VPN CIO Users                                                                                                               

Backup Operators                                                                                                                    

Cert Publishers                                                                                                                     

CERTSVC_DCOM_ACCESS                                                                                                                 

Cisco-Eng                                                                                                                           

DHCP Administrators                                                                                                                 

DHCP Users                                                                                                                          

Distributed COM Users                                                                                                               

DnsAdmins                                                                                                                           

DnsUpdateProxy                                                                                                                      

Doctors                                                                                                                             

Domain Admins                                                                                                                       

Domain Computers                                                                                                                    

Domain Controllers                                                                                                                  

Domain Guests                                                                                                                       

Domain Users                                                                                                                        

Employees                                                                                                                           

Engineering                                                                                                                         

Engineering1                                                                                                                        

Engineering2                                                                                                                        

Enterprise Admins                                                                                                                   

Group Policy Creator Owners                                                                                                         

Guests                                                                                                                              

HelpServicesGroup

The next example shows the same command with the filter option:

hostname(config)# show ad-groups LDAP-AD17 filter "Eng" 

.                                                                                                                                   

Server Group    LDAP-AD17                                                                                                           

Group list retrieved successfully                                                                                                   

Number of Active Directory Groups       4                                                                                           

Cisco-Eng                                                                                                                           

Engineering                                                                                                                         

Engineering1                                                                                                                        

Engineering2   

Related Commands

Command	Description
ldap-group-base-dn	Specifies a level in the Active Directory hierarchy where the server begins searching for groups that are used by dynamic group policies.
group-search-timeout	Adjusts the time the ASA waits for a response from an Active Directory server for a list of groups.

show admin-context

To display the context name currently assigned as the admin context, use the show admin-context command in privileged EXEC mode.

show admin-context

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show admin-context command. The following example shows the admin context called "admin" and stored in the root directory of flash:

hostname# show admin-context

Admin: admin flash:/admin.cfg

Related Commands

Command	Description
admin-context	Sets the admin context.
changeto	Changes between contexts or the system execution space.
clear configure context	Removes all contexts.
mode	Sets the context mode to single or multiple.
show context	Shows a list of contexts (system execution space) or information about the current context.

show arp

To view the ARP table, use the show arp command in privileged EXEC mode.

show arp

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(8)/7.2(4)/8.0(4)	Added dynamic ARP age to the display.

Usage Guidelines

The display output shows dynamic, static, and proxy ARP entries. Dynamic ARP entries include the age of the ARP entry in seconds. Static ARP entries include a dash (-) instead of the age, and proxy ARP entries state "alias."

Examples

The following is sample output from the show arp command. The first entry is a dynamic entry aged 2 seconds. The second entry is a static entry, and the third entry is from proxy ARP.

hostname# show arp

        outside 10.86.194.61 0011.2094.1d2b 2

        outside 10.86.194.1 001a.300c.8000 -

        outside 10.86.195.2 00d0.02a8.440a alias

Related Commands

Command	Description
arp	Adds a static ARP entry.
arp-inspection	For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.
clear arp statistics	Clears ARP statistics.
show arp statistics	Shows ARP statistics.
show running-config arp	Shows the current configuration of the ARP timeout.

show arp-inspection

To view the ARP inspection setting for each interface, use the show arp-inspection command in privileged EXEC mode.

show arp-inspection

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	—	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show arp-inspection command:

hostname# show arp-inspection

interface                arp-inspection         miss

----------------------------------------------------

inside1                  enabled                flood

outside                  disabled                -

The miss column shows the default action to take for non-matching packets when ARP inspection is enabled, either "flood" or "no-flood."

Related Commands

Command	Description
arp	Adds a static ARP entry.
arp-inspection	For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.
clear arp statistics	Clears ARP statistics.
show arp statistics	Shows ARP statistics.
show running-config arp	Shows the current configuration of the ARP timeout.

show arp statistics

To view ARP statistics, use the show arp statistics command in privileged EXEC mode.

show arp statistics

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show arp statistics command:

hostname# show arp statistics

        Number of ARP entries:

        ASA : 6

        Dropped blocks in ARP: 6

        Maximum Queued blocks: 3

        Queued blocks: 1

        Interface collision ARPs Received: 5

        ARP-defense Gratuitous ARPS sent: 4

        Total ARP retries: 15

        Unresolved hosts: 1

        Maximum Unresolved hosts: 2

Table 2 shows each field description.

Table 44-2 show arp statistics Fields 

Field	Description
Number of ARP entries	The total number of ARP table entries.
Dropped blocks in ARP	The number of blocks that were dropped while IP addresses were being resolved to their corresponding hardware addresses.
Maximum queued blocks	The maximum number of blocks that were ever queued in the ARP module, while waiting for the IP address to be resolved.
Queued blocks	The number of blocks currently queued in the ARP module.
Interface collision ARPs received	The number of ARP packets received at all ASA interfaces that were from the same IP address as that of an ASA interface.
ARP-defense gratuitous ARPs sent	The number of gratuitous ARPs sent by the ASA as part of the ARP-Defense mechanism.
Total ARP retries	The total number of ARP requests sent by the ARP module when the address was not resolved in response to first ARP request.
Unresolved hosts	The number of unresolved hosts for which ARP requests are still being sent out by the ARP module.
Maximum unresolved hosts	The maximum number of unresolved hosts that ever were in the ARP module since it was last cleared or the ASA booted up.

Related Commands

Command	Description
arp-inspection	For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.
clear arp statistics	Clears ARP statistics and resets the values to zero.
show arp	Shows the ARP table.
show running-config arp	Shows the current configuration of the ARP timeout.

show asdm history

To display the contents of the ASDM history buffer, use the show asdm history command in privileged EXEC mode.

show asdm history [view timeframe] [snapshot] [feature feature] [asdmclient]

Syntax Description

asdmclient	(Optional) Displays the ASDM history data formatted for the ASDM client.
feature feature	(Optional) Limits the history display to the specified feature. The following are valid values for the feature argument: •all—Displays the history for all features (default). •blocks—Displays the history for the system buffers. •cpu—Displays the history for CPU usage. •failover—Displays the history for failover. •ids—Displays the history for IDS. •interface if_name—Displays the history for the specified interface. The if_name argument is the name of the interface as specified by the nameif command. •memory—Displays memory usage history. •perfmon—Displays performance history. •sas—Displays the history for Security Associations. •tunnels—Displays the history for tunnels. •xlates—Displays translation slot history.
snapshot	(Optional) Displays only the last ASDM history data point.
view timeframe	(Optional) Limits the history display to the specified time period. Valid values for the timeframe argument are: •all—all contents in the history buffer (default). •12h—12 hours •5d—5 days •60m—60 minutes •10m—10 minutes

Defaults

If no arguments or keywords are specified, all history information for all features is displayed.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was changed from the show pdm history command to the show asdm history command.

Usage Guidelines

The show asdm history command displays the contents of the ASDM history buffer. Before you can view ASDM history information, you must enable ASDM history tracking using the asdm history enable command.

Examples

The following is sample output from the show asdm history command. It limits the output to data for the outside interface collected during the last 10 minutes.

hostname# show asdm history view 10m feature interface outside

Input KByte Count:

        [  10s:12:46:41 Mar 1 2005  ] 62640 62636 62633 62628 62622 62616 62609 

Output KByte Count:

        [  10s:12:46:41 Mar 1 2005  ] 25178 25169 25165 25161 25157 25151 25147 

Input KPacket Count:

        [  10s:12:46:41 Mar 1 2005  ]   752   752   751   751   751   751   751 

Output KPacket Count:

        [  10s:12:46:41 Mar 1 2005  ]    55    55    55    55    55    55    55 

Input Bit Rate:

        [  10s:12:46:41 Mar 1 2005  ]  3397  2843  3764  4515  4932  5728  4186 

Output Bit Rate:

        [  10s:12:46:41 Mar 1 2005  ]  7316  3292  3349  3298  5212  3349  3301 

Input Packet Rate:

        [  10s:12:46:41 Mar 1 2005  ]     5     4     6     7     6     8     6 

Output Packet Rate:

        [  10s:12:46:41 Mar 1 2005  ]     1     0     0     0     0     0     0 

Input Error Packet Count:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

No Buffer:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Received Broadcasts:

        [  10s:12:46:41 Mar 1 2005  ] 375974 375954 375935 375902 375863 375833 375794 

Runts:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Giants:       

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

CRC:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Frames:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Overruns:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Underruns:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Output Error Packet Count:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Collisions:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

LCOLL:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Reset:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Deferred:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Lost Carrier:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Hardware Input Queue:

        [  10s:12:46:41 Mar 1 2005  ]   128   128   128   128   128   128   128 

Software Input Queue:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Hardware Output Queue:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Software Output Queue:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

Drop KPacket Count:

        [  10s:12:46:41 Mar 1 2005  ]     0     0     0     0     0     0     0 

hostname#  

The following is sample output from the show asdm history command. Like the previous example, it limits the output to data for the outside interface collected during the last 10 minutes. However, in this example the output is formatted for the ASDM client.

hostname# show asdm history view 10m feature interface outside asdmclient

MH|IBC|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|62439|62445|62453|62457|62464|6
2469|62474|62486|62489|62496|62501|62506|62511|62518|62522|62530|62534|62539|62542|62547|6
2553|62556|62562|62568|62574|62581|62585|62593|62598|62604|62609|62616|62622|62628|62633|6
2636|62640|62653|62657|62665|62672|62678|62681|62686|62691|62695|62700|62704|62711|62718|6
2723|62728|62733|62738|62742|62747|62751|62761|62770|62775|

MH|OBC|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|25023|25023|25025|25025|25025|2
5026|25026|25032|25038|25044|25052|25056|25060|25064|25070|25076|25083|25087|25091|25096|2
5102|25106|25110|25114|25118|25122|25128|25133|25137|25143|25147|25151|25157|25161|25165|2
5169|25178|25321|25327|25332|25336|25341|25345|25349|25355|25359|25363|25367|25371|25375|2
5381|25386|25390|25395|25399|25403|25410|25414|25418|25422|

MH|IPC|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|749|749|749|749|749|750|750|750
|750|750|750|750|750|750|750|750|750|750|750|750|751|751|751|751|751|751|751|751|751|751|7
51|751|751|751|751|752|752|752|752|752|752|752|752|752|752|752|752|752|752|753|753|753|753
|753|753|753|753|753|753|753|

MH|OPC|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|55|55|55|55|55|55|55|55|55|55|5
5|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|55|5
5|55|55|56|56|56|56|56|56|56|56|56|56|56|56|56|56|56|56|56|

MH|IBR|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|7127|5155|6202|3545|5408|3979|4
381|9492|3033|4962|4571|4226|3760|5923|3265|6494|3441|3542|3162|4076|4744|2726|4847|4292|5
401|5166|3735|6659|3837|5260|4186|5728|4932|4515|3764|2843|3397|10768|3080|6309|5969|4472|
2780|4492|3540|3664|3800|3002|6258|5567|4044|4059|4548|3713|3265|4159|3630|8235|6934|4298|

MH|OBR|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|82791|57|1410|588|57|639|0|4698
|5068|4992|6495|3292|3292|3352|5061|4808|5205|3931|3298|3349|5064|3439|3356|3292|3343|3349
|5067|3883|3356|4500|3301|3349|5212|3298|3349|3292|7316|116896|5072|3881|3356|3931|3298|33
49|5064|3292|3349|3292|3292|3349|5061|3883|3356|3931|3452|3356|5064|3292|3349|3292|

MH|IPR|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|12|8|6|5|7|5|6|14|5|7|7|5|6|9|5
|8|6|5|5|7|6|5|6|5|6|7|6|8|6|6|6|8|6|7|6|4|5|19|5|8|7|6|4|7|5|6|6|5|7|8|6|6|7|5|5|7|6|9|7|
6|

MH|OPR|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|12|0|1|0|0|0|0|4|0|2|2|0|0|0|0|
1|1|0|0|0|0|0|0|0|0|0|0|0|0|1|0|0|0|0|0|0|1|28|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|

MH|IERR|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|NB|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|RB|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|374874|374911|374943|374967|3750
10|375038|375073|375113|375140|375160|375181|375211|375243|375289|375316|375350|375373|375
395|375422|375446|375481|375498|375535|375561|375591|375622|375654|375701|375738|375761|37
5794|375833|375863|375902|375935|375954|375974|375999|376027|376075|376115|376147|376168|3
76200|376224|376253|376289|376315|376365|376400|376436|376463|376508|376530|376553|376583|
376614|376668|376714|376749|

MH|RNT|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|GNT|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|CRC|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|FRM|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|OR|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|UR|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|OERR|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|COLL|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|LCOLL|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|

MH|RST|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|DEF|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|LCR|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|HIQ|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|128|128|128|128|128|128|128|128
|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|1
28|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128|128
|128|128|128|128|128|128|128|

MH|SIQ|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|HOQ|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|SOQ|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

MH|DPC|10|CURFACT|0|CURVAL|0|TIME|1109703031|MAX|60|NUM|60|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|

hostname# 

The following is sample output from the show asdm history command using the snapshot keyword:

hostname# show asdm history view 10m snapshot

Available 4 byte Blocks:  [  10s] : 100

Used 4 byte Blocks:  [  10s] : 0

Available 80 byte Blocks:  [  10s] : 100

Used 80 byte Blocks:  [  10s] : 0

Available 256 byte Blocks:  [  10s] : 2100

Used 256 byte Blocks:  [  10s] : 0

Available 1550 byte Blocks:  [  10s] : 7425

Used 1550 byte Blocks:  [  10s] : 1279

Available 2560 byte Blocks:  [  10s] : 40

Used 2560 byte Blocks:  [  10s] : 0

Available 4096 byte Blocks:  [  10s] : 30

Used 4096 byte Blocks:  [  10s] : 0

Available 8192 byte Blocks:  [  10s] : 60

Used 8192 byte Blocks:  [  10s] : 0

Available 16384 byte Blocks:  [  10s] : 100

Used 16384 byte Blocks:  [  10s] : 0

Available 65536 byte Blocks:  [  10s] : 10

Used 65536 byte Blocks:  [  10s] : 0

CPU Utilization:  [  10s] : 31

Input KByte Count:  [  10s] : 62930

Output KByte Count:  [  10s] : 26620

Input KPacket Count:  [  10s] : 755

Output KPacket Count:  [  10s] : 58

Input Bit Rate:  [  10s] : 24561

Output Bit Rate:  [  10s] : 518897

Input Packet Rate:  [  10s] : 48

Output Packet Rate:  [  10s] : 114

Input Error Packet Count:  [  10s] : 0

No Buffer:  [  10s] : 0

Received Broadcasts:  [  10s] : 377331

Runts:  [  10s] : 0

Giants:  [  10s] : 0

CRC:  [  10s] : 0

Frames:  [  10s] : 0

Overruns:  [  10s] : 0

Underruns:  [  10s] : 0

Output Error Packet Count:  [  10s] : 0

Collisions:  [  10s] : 0

LCOLL:  [  10s] : 0

Reset:  [  10s] : 0

Deferred:  [  10s] : 0

Lost Carrier:  [  10s] : 0

Hardware Input Queue:  [  10s] : 128

Software Input Queue:  [  10s] : 0

Hardware Output Queue:  [  10s] : 0

Software Output Queue:  [  10s] : 0

Drop KPacket Count:  [  10s] : 0

Input KByte Count:  [  10s] : 3672

Output KByte Count:  [  10s] : 4051

Input KPacket Count:  [  10s] : 19

Output KPacket Count:  [  10s] : 20

Input Bit Rate:  [  10s] : 0

Output Bit Rate:  [  10s] : 0

Input Packet Rate:  [  10s] : 0

Output Packet Rate:  [  10s] : 0

Input Error Packet Count:  [  10s] : 0

No Buffer:  [  10s] : 0

Received Broadcasts:  [  10s] : 1458

Runts:  [  10s] : 1

Giants:  [  10s] : 0

CRC:  [  10s] : 0

Frames:  [  10s] : 0

Overruns:  [  10s] : 0

Underruns:  [  10s] : 0

Output Error Packet Count:  [  10s] : 0

Collisions:  [  10s] : 63

LCOLL:  [  10s] : 0

Reset:  [  10s] : 0

Deferred:  [  10s] : 15

Lost Carrier:  [  10s] : 0

Hardware Input Queue:  [  10s] : 128

Software Input Queue:  [  10s] : 0

Hardware Output Queue:  [  10s] : 0

Software Output Queue:  [  10s] : 0

Drop KPacket Count:  [  10s] : 0

Input KByte Count:  [  10s] : 0

Output KByte Count:  [  10s] : 0

Input KPacket Count:  [  10s] : 0

Output KPacket Count:  [  10s] : 0

Input Bit Rate:  [  10s] : 0

Output Bit Rate:  [  10s] : 0

Input Packet Rate:  [  10s] : 0

Output Packet Rate:  [  10s] : 0

Input Error Packet Count:  [  10s] : 0

No Buffer:  [  10s] : 0

Received Broadcasts:  [  10s] : 0

Runts:  [  10s] : 0

Giants:  [  10s] : 0

CRC:  [  10s] : 0

Frames:  [  10s] : 0

Overruns:  [  10s] : 0

Underruns:  [  10s] : 0

Output Error Packet Count:  [  10s] : 0

Collisions:  [  10s] : 0

LCOLL:  [  10s] : 0

Reset:  [  10s] : 0

Deferred:  [  10s] : 0

Lost Carrier:  [  10s] : 0

Hardware Input Queue:  [  10s] : 128

Software Input Queue:  [  10s] : 0

Hardware Output Queue:  [  10s] : 0

Software Output Queue:  [  10s] : 0

Drop KPacket Count:  [  10s] : 0

Input KByte Count:  [  10s] : 0

Output KByte Count:  [  10s] : 0

Input KPacket Count:  [  10s] : 0

Output KPacket Count:  [  10s] : 0

Input Bit Rate:  [  10s] : 0

Output Bit Rate:  [  10s] : 0

Input Packet Rate:  [  10s] : 0

Output Packet Rate:  [  10s] : 0

Input Error Packet Count:  [  10s] : 0

No Buffer:  [  10s] : 0

Received Broadcasts:  [  10s] : 0

Runts:  [  10s] : 0

Giants:  [  10s] : 0

CRC:  [  10s] : 0

Frames:  [  10s] : 0

Overruns:  [  10s] : 0

Underruns:  [  10s] : 0

Output Error Packet Count:  [  10s] : 0

Collisions:  [  10s] : 0

LCOLL:  [  10s] : 0

Reset:  [  10s] : 0

Deferred:  [  10s] : 0

Lost Carrier:  [  10s] : 0

Hardware Input Queue:  [  10s] : 128

Software Input Queue:  [  10s] : 0

Hardware Output Queue:  [  10s] : 0

Software Output Queue:  [  10s] : 0

Drop KPacket Count:  [  10s] : 0

Available Memory:  [  10s] : 205149944

Used Memory:  [  10s] : 63285512

Xlate Count:  [  10s] : 0

Connection Count:  [  10s] : 0

TCP Connection Count:  [  10s] : 0

UDP Connection Count:  [  10s] : 0

URL Filtering Count:  [  10s] : 0

URL Server Filtering Count:  [  10s] : 0

TCP Fixup Count:  [  10s] : 0

TCP Intercept Count:  [  10s] : 0

HTTP Fixup Count:  [  10s] : 0

FTP Fixup Count:  [  10s] : 0

AAA Authentication Count:  [  10s] : 0

AAA Authorzation Count:  [  10s] : 0

AAA Accounting Count:  [  10s] : 0

Current Xlates:  [  10s] : 0

Max Xlates:  [  10s] : 0

ISAKMP SAs:  [  10s] : 0

IPsec SAs:  [  10s] : 0

L2TP Sessions:  [  10s] : 0

L2TP Tunnels:  [  10s] : 0

hostname# 

Related Commands

Command	Description
asdm history enable	Enables ASDM history tracking.

show asdm image

To the current ASDM software image file, use the show asdm image command in privileged EXEC mode.

show asdm image

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	—	•

Command History

Release	Modification
7.0(1)	This command was changed from the show pdm image command to the show asdm image command.

Examples

The following is sample output from the show asdm image command:

hostname# show asdm image

Device Manager image file, flash:/ASDM

Related Commands

Command	Description
asdm image	Specifies the current ASDM image file.

show asdm log_sessions

To display a list of active ASDM logging sessions and their associated session IDs, use the show asdm log_sessions command in privileged EXEC mode.

show asdm log_sessions

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

Each active ASDM session has one or more associated ASDM logging sessions. ASDM uses the logging session to retrieve syslog messages from the ASA. Each ASDM logging session is assigned a unique session ID. You can use this session ID with the asdm disconnect log_session command to terminate the specified session.

---

Note Because each ASDM session has at least one ASDM logging session, the output for the show asdm sessions and show asdm log_sessions may appear to be the same.

---

Examples

The following is sample output from the show asdm log_sessions command:

hostname# show asdm log_sessions

0 192.168.1.1

1 192.168.1.2

Related Commands

Command	Description
asdm disconnect log_session	Terminates an active ASDM logging session.

show asdm sessions

To display a list of active ASDM sessions and their associated session IDs, use the show asdm sessions command in privileged EXEC mode.

show asdm sessions

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was changed from the show pdm sessions command to the show asdm sessions command.

Usage Guidelines

Each active ASDM session is assigned a unique session ID. You can use this session ID with the asdm disconnect command to terminate the specified session.

Examples

The following is sample output from the show asdm sessions command:

hostname# show asdm sessions

0 192.168.1.1

1 192.168.1.2

Related Commands

Command	Description
asdm disconnect	Terminates an active ASDM session.