
New Member

Terminating PIX Remote VPN clients

I have a PIX firewall configured for XAUTH and want to be able to determine who is connected based on their userID and IP address. With PDM (and in command line) I can view VPN SAs by their public and assigned private IP address. How do I determine which user is associated with which IP address? I want to be able to manually terminate the user connection if desired. Can this be done?

New Member

Re: Terminating PIX Remote VPN clients

I know this is possible with the Altiga VPN concentrators (3000 series), but with dynamic VPN connections on a PIX, I don't (think) it is possible.

New Member

Re: Terminating PIX Remote VPN clients

Thanks, Matt. I think it is possible with the Nortel Contivity as well, but the remote users are authenticated on the concentrator as well as an internal server (two-level auth).

New Member

Re: Terminating PIX Remote VPN clients

Hi there.

Sh uauth will show you the currently authenticated users (via xauth). Then show isa peer will show which user has which IP address.

Something along the lines of clear ipsec sa peer should do the trick, but if you don't disable the xauth authentication they could just connect again.

Here's an example from our 535, IP addresses have been changed to protect the innocent ;-)

BCCCHO05F01# sh uauth
                        Current    Most Seen
Authenticated Users       10         14
Authen In Progress        0          4
ipsec user 'A-User-somewhere' at, authenticated
   access-list #ACSACL#-PIX-YouthVPN-400d82de

BCCCHO05F01# sh isa peer



Refcount: 5, Configured Address:, In Use: yes,


There's a good description of the clear command here


New Member

Re: Terminating PIX Remote VPN clients

Thanks, Steve. I'll give it a try.

