03-17-2004 06:59 AM - edited 02-21-2020 01:04 PM
I have a PIX firewall configured for XAUTH and want to be able to determine who is connected based on their userID and IP address. With PDM (and in command line) I can view VPN SA's by their public and assigned private IP address. How do I determine which user is associated with which IP address? I want to be able to manually terminate the user connection if desired. Can this be done?
03-17-2004 10:24 AM
I know this is possible with the Altiga VPN concentrators (3000 series), but with dynamic VPN connections on a pix, I don't (think) it is possible.
03-17-2004 02:40 PM
Thanx, Matt. I think it is possible with the Nortel Contivity as well, but the remote users are authenticated on the concentrator as well as an internal server (two-level auth).
03-18-2004 01:14 AM
Hi there.
Sh uauth will show you the currently authenticated users (via xauth). Then show isa peer will show which user has which IP address.
Something along the lines of clear ipsec sa peer 1.1.1.1 should do the trick, but if you don't disable the xauth authentication they could just connect again.
Here's an example from our 535, IP addresses have been changed to protect the innocent ;-)
BCCCHO05F01# sh uauth
Current Most Seen
Authenticated Users 10 14
Authen In Progress 0 4
ipsec user 'A-User-somewhere' at 1.1.1.1, authenticated
access-list #ACSACL#-PIX-YouthVPN-400d82de
BCCCHO05F01# sh isa peer
Peer: 1.1.1.1
Configuration:
Refcount: 5, Configured Address: 10.29.4.2, In Use: yes,
Attributes:
There's a good description of the clear command here http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/c.htm#wp1054048
Steve
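As an added example (not code from the thread, from Steve, or from Cisco), the following script joins the two listings Steve shows: it reads `sh uauth` to get the XAUTH username behind each public peer address, reads `sh isa peer` to get the private address the PIX handed that peer, and produces one row per session so an operator can answer "which user holds 10.29.4.2?" and build the `clear ipsec sa peer` command for that session. The sample output is constructed to match the line shapes in the post above (the regexes assume those shapes and only those; a different PIX release may print the lines differently).

```python
import re
from typing import Dict, List, Optional

# Constructed sample output, modelled on the 'sh uauth' listing in the post above.
SAMPLE_UAUTH = """\
Current Most Seen
Authenticated Users 2 14
Authen In Progress 0 4
ipsec user 'A-User-somewhere' at 1.1.1.1, authenticated
access-list #ACSACL#-PIX-YouthVPN-400d82de
ipsec user 'B-User-elsewhere' at 2.2.2.2, authenticated
"""

# Constructed sample output, modelled on the 'sh isa peer' listing in the post above.
# The third peer has an SA but no XAUTH user yet (authentication still in progress).
SAMPLE_ISAKMP = """\
Peer: 1.1.1.1
Configuration:
Refcount: 5, Configured Address: 10.29.4.2, In Use: yes,
Attributes:
Peer: 2.2.2.2
Configuration:
Refcount: 3, Configured Address: 10.29.4.3, In Use: yes,
Attributes:
Peer: 3.3.3.3
Configuration:
Refcount: 1, Configured Address: 10.29.4.4, In Use: no,
Attributes:
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
UAUTH_RE = re.compile(rf"^ipsec user '(?P<user>[^']+)' at (?P<peer>{IPV4}), authenticated")
PEER_RE = re.compile(rf"^Peer: (?P<peer>{IPV4})")
ADDR_RE = re.compile(rf"Configured Address: (?P<addr>{IPV4}), In Use: (?P<inuse>yes|no)")


def parse_uauth(text: str) -> Dict[str, str]:
    """Map public peer IP -> XAUTH username from 'sh uauth' output."""
    users: Dict[str, str] = {}
    for line in text.splitlines():
        m = UAUTH_RE.match(line.strip())
        if m:
            users[m.group("peer")] = m.group("user")
    return users


def parse_isakmp_peers(text: str) -> Dict[str, dict]:
    """Map public peer IP -> {'assigned': private IP, 'in_use': bool} from 'sh isa peer'."""
    peers: Dict[str, dict] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        m = PEER_RE.match(line)
        if m:
            current = m.group("peer")
            peers[current] = {"assigned": None, "in_use": False}
            continue
        m = ADDR_RE.search(line)
        if m and current is not None:
            peers[current]["assigned"] = m.group("addr")
            peers[current]["in_use"] = m.group("inuse") == "yes"
    return peers


def correlate(uauth_text: str, isakmp_text: str) -> List[dict]:
    """One row per peer seen in either listing; missing pieces stay None so gaps are visible."""
    users = parse_uauth(uauth_text)
    peers = parse_isakmp_peers(isakmp_text)
    rows = []
    for peer in sorted(set(users) | set(peers)):
        info = peers.get(peer, {"assigned": None, "in_use": False})
        rows.append({
            "peer": peer,
            "user": users.get(peer),        # None: SA exists but no authenticated XAUTH user
            "assigned": info["assigned"],   # None: user authenticated but no address handed out
            "in_use": info["in_use"],
        })
    return rows


def find_by_assigned(rows: List[dict], private_ip: str) -> Optional[dict]:
    """Answer the original question: which session (and user) holds this private address?"""
    return next((r for r in rows if r["assigned"] == private_ip), None)


def clear_command(peer_ip: str) -> str:
    """The tear-down command from the post; the xauth account must also be disabled
    or the user can simply reconnect."""
    return f"clear ipsec sa peer {peer_ip}"


if __name__ == "__main__":
    table = correlate(SAMPLE_UAUTH, SAMPLE_ISAKMP)
    for r in table:
        print(f"{r['peer']:<16} {str(r['user']):<20} {str(r['assigned']):<14} in_use={r['in_use']}")
    hit = find_by_assigned(table, "10.29.4.2")
    if hit:
        print(clear_command(hit["peer"]))
```

Run it against pasted output from the real box by replacing the two SAMPLE_ strings; peers that appear in `sh isa peer` without a matching `sh uauth` line are exactly the sessions still in the "Authen In Progress" count, so a row with `user=None` is worth a second look rather than a parse error.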
03-18-2004 04:05 AM
Thanks, Steve. I'll give it a try.
Dan