While I usually still use the ‘show crypto’ commands for IPSec connections, you HAVE to use the vpn-sessiondb for AnyConnect and WebVPN.

Ratio Show VPN Session protocol or encryption ratios

As you can see, you can use the vpn-sessiondb command to look at each type of VPN connection.

So now that we have an idea of how it works with WebVPN connections, let’s use the trusty ‘?’ to see what else we can do with the ‘vpn-sessiondb’.

Full Output formatted for data management programs

Conversely, if I wanted to log off all of the WebVPN sessions I could just input ‘vpn-sessiondb logoff webvpn’ which would log off all users connected to WebVPN. Note in this instance, I don’t even have to note that it’s a WebVPN session that I want to log off.

Notes: What’s interesting about the log off procedure is that it’s done by tunnel group or username.

Enter this command on the ASA in order to verify that the connection uses IKEv2 as well as AAA and certificate authentication:

bsns-asa5520-1 show vpn-sessiondb detail anyconnect filter name cisco
Session Type: AnyConnect Detailed
Username: cisco Index: 6
Assigned IP: 172.16.99.5 Public IP: 1.2.3.4
Protocol: IKEv2 IPsecOverNatT AnyConnect.

INFO: Number of sessions with name "langemakj" logged off : 1

Notes: So as you can see, this gives you a ton of info on the connection including the user’s group policy, tunnel group, and their public IP (Note: I’m testing off of the internal ASA interface hence the RFC 1918 addressing).

Do you want to logoff the VPN session(s)?

Group Policy : GP_SSLVPN Tunnel Group : TG_SSLVPN

Below I’ll walk through a couple of commands which show you some more information about all types of VPN connections.

However, what about if you start talking about SSL VPN sessions? Or WebVPN sessions? Since these technically aren’t IPSec connections, they don’t show up in the ‘show crypto’ commands.

Those, of course, are…

Both of these commands provide you with a wealth of information about the IPSec connection.
Most admins use two commands to verify IPSec VPN security associations. You could add this to my ‘Commands I always forget’ post, but since I’m going to turn this into a little bit of a walkthrough I decided to make it into its own post.