New Member

Show connected users

Hi.

Is there any way to show connect by Easy VPN users?

New Member

Show connected users

Yeah, type this command:

sh cry ipse sa

This command shows you all the details, the destination IP and the username as well.

Example

asa# sh cry ipse sa

interface: outside

    Crypto map tag: Outside_dyn_map, seq num: 10, local addr: x.x.x.x

      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

      remote ident (addr/mask/prot/port): (10.50.3.0/255.255.255.255/0/0)

      current_peer: x.x.x.x, username: User1  <--------------------------here is user name

      dynamic allocated peer ip: 10.50.253.10

You can also see the peer:

sh cry isa sa

New Member

Show connected users

Thanks but it doesn't contain user in my output:

#show crypto ipsec sa interface gigabitEthernet 0/0 detail

interface: GigabitEthernet0/0

    Crypto map tag: clientmap, local addr x.x.x.x

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

   remote ident (addr/mask/prot/port): (172.16.11.52/255.255.255.255/0/0)

   current_peer x.x.x.x port 8202

     PERMIT, flags={}

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 329, #pkts decrypt: 329, #pkts verify: 329

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #pkts no sa (send) 0, #pkts invalid sa (rcv) 0

    #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0

    #pkts invalid prot (recv) 0, #pkts verify failed: 0

    #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0

    #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0

    ##pkts replay failed (rcv): 0

    #pkts internal err (send): 0, #pkts internal err (recv) 0

     local crypto endpt.: x.x.x.x, remote crypto endpt.: x.x.x.x

     path mtu 1500, ip mtu 1500

     current outbound spi: 0x14ACEAD4(346876628)

     inbound esp sas:

      spi: 0x7940C6C7(2034288327)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel UDP-Encaps, }

        conn id: 3078, flow_id: NETGX:78, crypto map: clientmap

        sa timing: remaining key lifetime (k/sec): (4493592/3469)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

      spi: 0x14ACEAD4(346876628)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel UDP-Encaps, }

        conn id: 3006, flow_id: NETGX:6, crypto map: clientmap

        sa timing: remaining key lifetime (k/sec): (4493672/3469)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

New Member

Re: Show connected users

I am not seeing this command on my 5510 ASA

asa# show crypto ipsec sa ?

  assigned-address  Show IPsec SAs for an assigned address

  detail            Show IPsec SA detail

  entry             Show IPsec SAs by entry

  identity          Show IPsec SAs by flow

  map               Show IPsec SAs by map

  peer              Show IPsec SAs for a peer

  spi               Show IPsec SAs for an SPI

  summary           Show IPsec SAs summary by types

  user              Show IPsec SAs for a user

  |                 Output modifiers

New Member

Re: Show connected users

If you are using a router, then try these commands:

show crypto engine connections active—Shows the encrypted and decrypted packets.

show crypto ipsec sa—Shows the phase 2 IPSec security associations for the hub.

show crypto ipsec client ezvpn—Shows the phase 2 IPSec security associations for the EzVPN client.

show crypto isakmp sa—Shows the phase 1 ISAKMP security associations.

New Member

Re: Show connected users

Verification Command List :


  • show crypto ipsec sa
  • show crypto ipsec spi-lookup
  • show crypto isakmp profile
  • show crypto isakmp policy
  • show crypto isakmp sa
  • show crypto isakmp peers
  • show crypto engine connections active
New Member

Re: Show connected users

Yes, I use a router. I will check it tomorrow and will answer.

Thank you)

New Member

Re: Show connected users

I checked these commands. None of them showed me the name of the client.

New Member

Re: Show connected users

Here you go. Finally I have found that command.

sh crypto session

You can see all the details.

New Member

Re: Show connected users

Yes, but even with key "detailed" we don't see user name:

Code: C - IKE Configuration mode, D - Dead Peer Detection

K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication

Interface: GigabitEthernet0/0

Session status: UP-ACTIVE

Peer: x.x.x.x port 65393 fvrf: (none) ivrf: (none)

      Phase1_id: vpnclient (the group name)

      Desc: (none)

  IKE SA: local x.x.x.x/4500 remote x.x.x.x/65393 Active

          Capabilities:CXN connid:672 lifetime:23:59:21

  IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 172.16.11.56

        Active SAs: 2, origin: dynamic crypto map

        Inbound:  #pkts dec'ed 41 drop 0 life (KB/Sec) 4478264/3568

        Outbound: #pkts enc'ed 41 drop 0 life (KB/Sec) 4478262/3568
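
The session output quoted in the post above identifies each client by peer address, group name (Phase1_id) and the host in the IPSEC FLOW line rather than by username. As an added example (not from any poster in this thread), a small parser that turns that output into an inventory of active sessions. The sample text is constructed with documentation-range addresses, the function names are hypothetical, and it assumes each session block starts with an "Interface:" line.

```python
import re

# Constructed sample modelled on the session output quoted in the thread;
# addresses are documentation-range placeholders, not real peers.
SAMPLE = """\
Interface: GigabitEthernet0/0
Session status: UP-ACTIVE
Peer: 198.51.100.7 port 65393 fvrf: (none) ivrf: (none)
      Phase1_id: vpnclient
  IKE SA: local 203.0.113.1/4500 remote 198.51.100.7/65393 Active
          Capabilities:CXN connid:672 lifetime:23:59:21
  IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 172.16.11.56

Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 198.51.100.9 port 500 fvrf: (none) ivrf: (none)
      Phase1_id: vpnclient
"""

# One capture group per field; lines are stripped before matching.
FIELDS = {
    "interface": re.compile(r"^Interface:\s*(\S+)"),
    "status": re.compile(r"^Session status:\s*(\S+)"),
    "peer": re.compile(r"^Peer:\s*(\S+)"),
    "group": re.compile(r"^Phase1_id:\s*(\S+)"),
    "caps": re.compile(r"^Capabilities:(\w*)"),
    "flow_host": re.compile(r"^IPSEC FLOW:.*\bhost\s+(\S+)"),
}

def parse_sessions(text):
    """Return one dict per session block found in the command output."""
    sessions = []
    for line in (l.strip() for l in text.splitlines()):
        for key, rx in FIELDS.items():
            m = rx.match(line)
            if not m:
                continue
            if key == "interface":   # assumption: each block starts here
                sessions.append({})
            if sessions:             # ignore the code legend before block 1
                sessions[-1][key] = m.group(1)
    return sessions

def active_clients(text):
    """Sessions that are up, with the X (Extended Authentication) flag decoded."""
    out = []
    for s in parse_sessions(text):
        if s.get("status") == "UP-ACTIVE":
            s["xauth"] = "X" in s.get("caps", "")
            out.append(s)
    return out
```
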
