Today’s ‘tricky’ support call was about a remote user using a Cisco ASA to connect to their head office using the Microsoft IPSec over L2TP method from the built in Microsoft VPN client. Putting aside the ‘noise’ on this call with the usual slew of misleading information, the user had managed to connect themselves with no username showing and having their own ip assigned o them! I used the vpn-sessiondb commands to get the info (I changed the ip address to protect the innocent):
Username : Index : 7 Assigned IP : 220.127.116.11 Public IP : 18.104.22.168 Protocol : IPSec Encryption : 3DES Hashing : SHA1 Bytes Tx : 0 Bytes Rx : 0 Client Type : Client Ver : Group Policy : DefaultRAGroup Tunnel Group : DefaultRAGroup Login Time : 09:17:58 GMT/BST Thu Dec 20 2012 Duration : 7h:51m:41s Filter Name : NAC Result : Unknown Posture Token:
This setup seemed to prevent the user from reconnecting from this location until we managed to work out what the issues were and cleared down the session. At the time there were several other users connected and the client wanted the rest of the users to stay online, so the following command sorted it out:
# vpn-sessiondb logoff index 7 INFO: Session with Index = 7 has been logged off
And hey presto, the session was gone, and the end user can now log on.