cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
401
Views
0
Helpful
4
Replies

Who is connected to EasyVPN on a 2811

ludovic.gorguet
Level 1
Level 1

Hello,

One of our client want to know who is connected to his Vpn gateway (2811 with EasyVpn), so we tried to get this information with our own EasyVpn lab but we haven't got this information.

Does it exist a command on CLI to view who (username) is connected through the Easyvpn (we tried "sh user all" and "sh aaa user all" with no result)

And does it exist a windows executable program that can manage Easy Vpn and can Monitor Easyvpn user (a list of username that is connected on EasyVpn server)

4 Replies 4

m.sir
Level 7
Level 7

Use command "show aaa user all" in case you dont see any outputs, you need enable AAA accounting on the 2811 and then run the command again.

Please check the below URL for enabling VPN Accounting

http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1839/products_feature_guide09186a00801541ba.html

M.

Hope that helps rate if it does

Ok but I tried this command and it return a lot of things but nothing about the user name connected on vpn.

But I found this morning what I want :

The command to see who is connected to a EasyVpn Gateway is :

"sh crypto session" but this command return a lot of things like the authentification method, the encryption, total byte transferred, Ip of remote host etc... so if you use a grep command you can see each username is connected to the EasyVpn Gateway.

To conclude you have to use this command to see Who is connected to a EasyVpn Gateway on a ISR (2811):

"sh crypto session | i Username"

Thanks a lot,

haroon.shaikh
Level 1
Level 1

I use PPTP VPN and when I needed to check which users are connected I issue the following command:

show user

Probably, this might work for you too (Only if you are using local authentication)

Let me know if it works so I might learn something from you ;)

* Please rate if it helps.

enkrypter
Level 1
Level 1

If you are only using PSK to authenticate the tunnel, then there is nothing to log and you'd need to see tunnels

sh crypto isakamp sa

You need to setup AAA to log authentications and authorizations to a radius or TACACS+ server. I'd suggest they get a Cisco Secure ACS Server so they can log that information and keep track. This would also alow them to authenticate to a variety of external user databases like AD, LDAP, or SDMI..

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: