Friday, May 30, 2014

Cisco ASA: How To Tell Remote-Access VPN Information For A Particular User

I have had to do this a lot.  A user has VPN'ed in via remote-access and they have problems.  I can find out all about them by looking through the config and knowing what is in their pcf file, but its easier to just use this command below.  You can see the command and what information it gives you.  Very useful for troubleshooting.

ASA# sh vpn-sessiondb detail ra-ikev1-ipsec filter name shane

Session Type: IKEv1 IPsec Detailed

Username     : shane               Index        : 35708
Assigned IP  :          Public IP    :
Protocol     : IKEv1 IPsecOverNatT
License      : Other VPN
Encryption   : 3DES 3DES              Hashing      : SHA1 SHA1
Bytes Tx     : 0                      Bytes Rx     : 1260
Pkts Tx      : 0                      Pkts Rx      : 21
Pkts Tx Drop : 0                      Pkts Rx Drop : 0
Group Policy : technicalgroup           Tunnel Group : technicalgroup
Login Time   : 18:43:45 UTC Wed Mar 5 2014
Duration     : 0h:02m:27s
Inactivity   : 0h:00m:00s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none

IKEv1 Tunnels: 1
IPsecOverNatT Tunnels: 1

  Tunnel ID    : 35708.1
  UDP Src Port : 59691                  UDP Dst Port : 4500
  IKE Neg Mode : Aggressive             Auth Mode    : preSharedKeys

No comments:

Post a Comment

Your comment will be reviewed for approval. Thank you for submitting your comments.