Since we can successfully ping the IP of a host on the remote site, the IPSec VPN tunnel should now be up and running. We can verify it with the following command on FW-VPN01:

    # sh vpn-sessiondb detail l2l filter ipaddress 201.201.201.1

Make sure the new VPN policy does not overlap with an existing policy.

    vpn-Firewall# sh crypto ipsec sa peer 90.1.1.1
    peer address: 90.1.1.1
    Crypto map tag: Outside_Map, seq num: 90, local addr: 200.100.0.1
    access-list Test_vpn extended permit ip 172.16.10.0/24 192.168.0.0/24

    PetesASA# show vpn-sessiondb detail l2l filter name 123.123.123.123

    sh vpn-sessiondb detail remote
    sh vpn-sessiondb detail webvpn

on ASA

Best regards, Istvan.

mavantix. Author. Commented: 2009-10-02. Thanks!

    sh vpn-sessiondb remote (IPSec Remote VPN Clients)
    sh vpn-sessiondb l2l (L2L Tunnels)
    sh vpn-sessiondb svc (SSL VPN / Anyconnect Clients)
    sh vpn-sessiondb webvpn (Clientless sessions)
    sh ssh sessions (show users connected to ASA via SSH)

To terminate a session:

    vpn-sessiondb logoff name username (where username is the name of the user you want

    sh vpn-sessiondb remote

There are other useful options for this command, such as:

    sh vpn-sessiondb l2l --> for IPSec L2L connections
    sh vpn-sessiondb svc --> for SSL and anyconnect connections
    sh vpn-sessiondb webvpn --> for WebVPN sessions

If you are looking for a specific user, use the following command:

    sh vpn-sessiondb remote filter USERNAME


Here’s how you can quickly list the currently active IPSec VPN sessions on your ASA:

    show vpn-sessiondb remote

You can of course use modifiers to filter only the text you’re interested in. For example:

    show vpn-sessiondb remote | include (Username|Duration)

This will give you the username and duration of the session.

show vpn-sessiondb webvpn.

    cisco-asa# sh vpn-sessiondb webvpn

    Session Type: WebVPN

    Username   : Test          Index    : 2395
    Public IP  : 88.88.88.88
    Protocol   : Clientless
    License    : SSL VPN
    Encryption : RC4           Hashing  : SHA1
    Bytes Tx   : 52548         Bytes Rx : 21453

2) sh vpn-sessiondb l2l << (LAN-to-LAN Tunnels)
3) sh vpn-sessiondb svc << (SSL VPN / Anyconnect Clients)

This will help you figure out if they are actually individual users connecting into the ASA using the AnyConnect software, for example, or, if there are 171 LAN-2-LAN tunnels connecting to your ASA, it'll show you the IPs of the far ends.