Cisco ASA clearing individual remote sessions

Today’s ‘tricky’ support call was about a remote user using a Cisco ASA to connect to their head office using the Microsoft IPSec over L2TP method from the built-in Microsoft VPN client. Putting aside the ‘noise’ on this call with the usual slew of misleading information, the user had managed to connect themselves with no username showing and having their own IP assigned to them! I used the vpn-sessiondb commands to get the info (I changed the IP address to protect the innocent):

Username     : 
Index        : 7
Assigned IP  : 1.1.1.1                Public IP    : 1.1.1.1
Protocol     : IPSec                  Encryption   : 3DES
Hashing      : SHA1                   
Bytes Tx     : 0                      Bytes Rx     : 0
Client Type  :                        Client Ver   : 
Group Policy : DefaultRAGroup
Tunnel Group : DefaultRAGroup
Login Time   : 09:17:58 GMT/BST Thu Dec 20 2012
Duration     : 7h:51m:41s
Filter Name  : 
NAC Result   : Unknown
Posture Token: 

This setup seemed to prevent the user from reconnecting from this location until we managed to work out what the issues were and cleared down the session. At the time there were several other users connected and the client wanted the rest of the users to stay online, so the following command sorted it out:

# vpn-sessiondb logoff index 7
INFO: Session with Index = 7 has been logged off

And hey presto, the session was gone, and the end user can now log on.
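The check described above can be scripted when there are many sessions to read through. This is an added example, not code from the original post: it parses session output in the format shown, flags records with an empty username or an assigned IP equal to the public IP, and builds the per-index logoff command. The function names and the second (healthy) session in the sample are assumptions made for illustration.

```python
import re

# A field label sits at line start or after 2+ spaces (the second column).
FIELD = re.compile(r"(?:^|\s{2,})([A-Z][A-Za-z ]*?)\s*:(?=\s|$)")

# Constructed sample: the session from the post, then a made-up healthy one.
SAMPLE = """\
Username     :
Index        : 7
Assigned IP  : 1.1.1.1                Public IP    : 1.1.1.1
Login Time   : 09:17:58 GMT/BST Thu Dec 20 2012
Duration     : 7h:51m:41s
Username     : jsmith
Index        : 9
Assigned IP  : 10.10.10.21            Public IP    : 203.0.113.45
Login Time   : 16:40:02 GMT/BST Thu Dec 20 2012
"""

def parse_sessions(text):
    """Return one dict per session; a new record starts at each 'Username'."""
    sessions = []
    for line in text.splitlines():
        hits = list(FIELD.finditer(line))
        for i, m in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            if m.group(1) == "Username":
                sessions.append({})
            if sessions:
                sessions[-1][m.group(1)] = line[m.end():end].strip()
    return sessions

def stale_sessions(sessions):
    """Return (index, reasons) for sessions showing the post's two symptoms."""
    flagged = []
    for s in sessions:
        reasons = []
        if not s.get("Username"):
            reasons.append("empty username")
        if s.get("Assigned IP") and s.get("Assigned IP") == s.get("Public IP"):
            reasons.append("assigned IP equals public IP")
        if reasons and s.get("Index", "").isdigit():
            flagged.append((int(s["Index"]), reasons))
    return flagged

def logoff_commands(text):
    return [f"vpn-sessiondb logoff index {i}" for i, _ in stale_sessions(parse_sessions(text))]

if __name__ == "__main__":
    print("\n".join(logoff_commands(SAMPLE)))
```

Review the flagged indexes before running the generated commands, since logging off by index leaves the other connected users untouched only if the index is the right one.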
