Find Prefixes and Routes Advertised to Frouter by SLVPN

Available Languages

Download Options

  • PDF     (24.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (81.0 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (65.9 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 1, 2025
Document ID:225116

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to find prefixes and routes advertised to Frouter by SLVPN for Secure Connect Private Access tunnels.

    Overview

    Secure Connect Secure Layer Virtual Private Network (SLVPN) Private Access tunnels advertise the prefixes you enter in the Client Reachable Prefixes section of the dashboard to Frouter. Frouter uses these prefixes to route traffic to private resources within these ranges through the Private Access tunnel. You can verify that the correct prefixes are being sent from SLVPN to Frouter by checking logs in DataDog. Use this procedure to ensure proper prefix advertisement when a tunnel is connected.

    Find Prefixes Advertised to Frouter by SLVPN

    You can use DataDog to verify that a tunnel is configured as a Private Access tunnel or a Secure Internet Access tunnel by checking the next hop assignment. You can also validate which prefix ranges SLVPN advertises to Frouter using the Frouter API logs. You need the organization ID (OrgID) and the Just-In-Time ID (JITID) for the tunnel you want to check.

    Access DataDog and Locate Tunnel Information

    1. Log in to DataDog using this command (replace with your own organization ID):

    sl monitor datadog login --org-id your-org-id

    2. Use the OrgID and JITID to search for up_monitor service logs, which provide details about all tunnels for an organization or a specific tunnel.

    • To check a specific tunnel, first obtain the JITID of the tunnel.
    • Use the DataDog search query format:
    (@client_id:<tunnel-id>)

    3. Find up_monitor service logs using:

    @org_id:<Customer OrgID> AND @jitid:<JITID>
    • You can also search using only the OrgID to view all tunnels for an organization.

    4. Review the log lines to determine the tunnel type and prefix information.

    • Select a specific log line to view detailed information.

    Identify Tunnel Type and Prefixes

    Secure Internet Access (SIA) tunnels have a classic Cloud Delivered Firewall (CDFW) node as the next hop, indicated by:

    next hop selected for cdfw classic tunnel

    Private Access (PA) tunnels have Frouter assigned as the next hop, and the up_monitor service logs the creation of the Frouter connector via the Frouter API:

    connector creation success in frouter api
    • The log line includes parameters passed to the Frouter API and the API response.
    • Theclient_reachable_prefixessection in the API response lists the prefixes shared with Frouter.
    • The response section shows the HTTP status code response from the Frouter API. This information can be used to check against the Client Reachable Prefixes in the your dashboard to ensure that SLVPN is passing the correct Client Reachable Prefixes to Frouter for Private Access.

    Revision History

    Revision Publish Date Comments
    1.0
    01-Oct-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • TAC

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products