Terminating PIX Remote VPN clients

daniel.kline
Level 1

I have a PIX firewall configured for XAUTH and want to be able to determine who is connected based on their userID and IP address. With PDM (and in command line) I can view VPN SA's by their public and assigned private IP address. How do I determine which user is associated with which IP address? I want to be able to manually terminate the user connection if desired. Can this be done?

4 Replies

matthew.mohan
Level 1

I know this is possible with the Altiga VPN concentrators (3000 series), but with dynamic VPN connections on a pix, I don't (think) it is possible.

Thanks, Matt. I think it is possible with the Nortel Contivity as well, but the remote users are authenticated on the concentrator as well as an internal server (two-level auth).

SteveGodfrey
Level 1

Hi there.

sh uauth will show you the currently authenticated users (via xauth). Then show isa peer will show which user has which IP address.

Something along the lines of clear ipsec sa peer 1.1.1.1 should do the trick, but if you don't disable the xauth authentication they could just connect again.

Here's an example from our 535, IP addresses have been changed to protect the innocent ;-)

BCCCHO05F01# sh uauth
                        Current    Most Seen
Authenticated Users       10          14
Authen In Progress         0           4
ipsec user 'A-User-somewhere' at 1.1.1.1, authenticated
   access-list #ACSACL#-PIX-YouthVPN-400d82de

BCCCHO05F01# sh isa peer
Peer: 1.1.1.1
Configuration:
  Refcount: 5, Configured Address: 10.29.4.2, In Use: yes,
  Attributes:

There's a good description of the clear command here http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/c.htm#wp1054048

Steve
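The procedure Steve describes (read `sh uauth` for user-to-peer, read `sh isa peer` for peer-to-assigned-address, then build a `clear ipsec sa peer` command) is easy to get wrong by hand when there are a dozen sessions up. The script below is an added example, not code from the thread or from Cisco: it joins the two outputs on the public peer address and prints the clear command for a named user. The two sample outputs are constructed from the lines Steve posted, with a second user and an idle peer added to show the join; how you capture the real output (pasting a console session, an expect script, and so on) is up to you.

```python
"""Map PIX XAUTH users to their VPN peer and assigned private address.

Added example (not from the thread). Parses the text of `show uauth` and
`show isakmp peer` as captured from a PIX 6.x console and builds
user -> public peer IP -> assigned private IP, then emits the
`clear ipsec sa peer <ip>` command to drop one user's tunnel.
"""
import re
from typing import Dict, List, Optional

# Constructed sample output, modelled on the lines posted above. Not a real
# capture: a second user and a peer with no authenticated user were added.
SHOW_UAUTH = """\
                        Current    Most Seen
Authenticated Users       10          14
Authen In Progress         0           4
ipsec user 'A-User-somewhere' at 1.1.1.1, authenticated
   access-list #ACSACL#-PIX-YouthVPN-400d82de
ipsec user 'B-User-elsewhere' at 2.2.2.2, authenticated
"""

SHOW_ISAKMP_PEER = """\
Peer: 1.1.1.1
Configuration:
  Refcount: 5, Configured Address: 10.29.4.2, In Use: yes,
  Attributes:
Peer: 2.2.2.2
Configuration:
  Refcount: 3, Configured Address: 10.29.4.3, In Use: yes,
  Attributes:
Peer: 3.3.3.3
Configuration:
  Refcount: 1, Configured Address: 10.29.4.4, In Use: no,
  Attributes:
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
UAUTH_RE = re.compile(r"ipsec user '(?P<user>[^']+)' at (?P<peer>" + IPV4 + r"), (?P<state>\w+)")
PEER_RE = re.compile(r"^Peer:\s+(?P<peer>" + IPV4 + r")")
ADDR_RE = re.compile(r"Configured Address:\s+(?P<addr>" + IPV4 + r"), In Use:\s+(?P<inuse>\w+)")


def parse_uauth(text: str) -> Dict[str, Dict[str, str]]:
    """Return {peer_ip: {'user': ..., 'state': ...}} for each 'ipsec user' line."""
    users: Dict[str, Dict[str, str]] = {}
    for m in UAUTH_RE.finditer(text):
        users[m.group("peer")] = {"user": m.group("user"), "state": m.group("state")}
    return users


def parse_isakmp_peer(text: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Return {peer_ip: {'assigned': ..., 'in_use': ...}}, keyed on each 'Peer:' line."""
    peers: Dict[str, Dict[str, Optional[str]]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = PEER_RE.match(line)
        if m:
            current = m.group("peer")
            peers[current] = {"assigned": None, "in_use": None}
            continue
        m = ADDR_RE.search(line)
        if m and current is not None:
            peers[current]["assigned"] = m.group("addr")
            peers[current]["in_use"] = m.group("inuse")
    return peers


def join_sessions(uauth_text: str, isakmp_text: str) -> List[Dict[str, Optional[str]]]:
    """One row per authenticated XAUTH user, joined to its IKE peer by public IP.

    A peer with no uauth entry (an IKE SA with no authenticated user behind it)
    is deliberately left out; a user whose peer has vanished keeps None fields.
    """
    users = parse_uauth(uauth_text)
    peers = parse_isakmp_peer(isakmp_text)
    rows = []
    for peer, u in users.items():
        p = peers.get(peer, {})
        rows.append({"user": u["user"], "state": u["state"], "peer": peer,
                     "assigned": p.get("assigned"), "in_use": p.get("in_use")})
    return rows


def clear_command(rows: List[Dict[str, Optional[str]]], user: str) -> Optional[str]:
    """The `clear ipsec sa peer` line for an authenticated user, or None if absent.

    Caveat from the thread: this drops the tunnel only; unless the account is
    also disabled on the XAUTH server the client can simply reconnect.
    """
    for r in rows:
        if r["user"] == user and r["state"] == "authenticated":
            return "clear ipsec sa peer %s" % r["peer"]
    return None


if __name__ == "__main__":
    table = join_sessions(SHOW_UAUTH, SHOW_ISAKMP_PEER)
    for r in table:
        print("%-20s %-15s %-15s in_use=%s" % (r["user"], r["peer"], r["assigned"], r["in_use"]))
    print(clear_command(table, "A-User-somewhere"))
```

Paste the emitted line into the PIX yourself rather than having the script push it: a single mistyped peer address clears somebody else's tunnel, so the human check before the `clear` is worth keeping.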

Thanks, Steve. I'll give it a try.

Dan
