Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Identify connected VPN clients

My clients have Cisco 8xx ISR routers and connect to a 2600 head end router.

All clients have negotiated IP addresses from the ADSL ISP. The head end is configured with pre shared keys and dynamic crypto map.

The spoke devices establish the VPN connection sucessfully.

Is there a friendly way to identify the connected VPN sessions other than identifying the connected IP addresses. At the moment I only have three remote clients but as the solution grows I can see that identifying the remote connections by IP address might not be that scalable.


Re: Identify connected VPN clients


Have you tried using these commands ?

show crypto isakmp sa

show crypto isakmp peer


Community Member

Re: Identify connected VPN clients

Thanks for the reply.

show crypto isakmp sa shows me the src and dst IP address of the VPN connection.

My clients have negotiated IP adresses and my ISP resets the IP's every 24 hrs. So every 24 hrs the remote clients have a different IP. I use DDNS to overcome this anoyance and for remote management.

I am looking for a way to identify the remote site by name. Kind of like identify the sites connected by their DNS name.

show crypto isakmp peer does not reply anything as I am using a dynamic crypto map and accept connections from any of the configured remote sites.

Maybe this is not good practise as I am no security expert?

CreatePlease to create content