How to kill, log off, or disconnect a Cisco ASA remote access VPN session


Problem:

Have you ever wondered how to log off or disconnect a remote access VPN user on a Cisco ASA? There are two ways to do it: one is to use the GUI (Cisco’s ASDM), and the other is to use the good old CLI.

Solution:

On ASDM (Version 6.2)

  1. Click the Monitoring tab.
  2. Under VPN Statistics, select Sessions.
  3. In the drop-down box on the right labeled “Filter By”, select IPsec Remote Access, or, if you are using SSL Client/Clientless VPN, select the one of your choice.
  4. Click the Logout button!

A picture is worth a thousand words, so here’s a screen capture:

On CLI – IPsec Remote Access VPN / Cisco AnyConnect VPN

For any Cisco remote access VPN, first check whether the user is still logged in by running the show command with the keyword that matches the type of remote access VPN. The CLI help output below lists the available session types.

sh vpn-sessiondb ?
detail       Show detailed output
email-proxy  Email-Proxy sessions
full         Output formatted for data management programs
index        Index of session
l2l          IPSec LAN-to-LAN sessions
ratio        Show VPN Session protocol or encryption ratios
remote       IPSec Remote Access sessions
summary      Show VPN Session summary
svc          SSL VPN Client sessions
vpn-lb       VPN Load Balancing Mgmt sessions
webvpn       WebVPN sessions

Then, to log off the user, enter the username in the command below:

vpn-sessiondb logoff name <name>

I find using the ASDM more accurate and less error-prone. It also gives you a summary of the login statistics at a glance.
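
As an added example (not from the original post), this Python script parses saved `sh vpn-sessiondb remote` output and builds the logoff command only when the username actually appears in the session list, which guards against a mistyped name on the CLI. The sample output is constructed, and its two-column `Key : Value` layout is an assumption about the device output; the function names are hypothetical.

```python
import re

# Constructed sample laid out like "sh vpn-sessiondb remote" output.
# Assumption: "Key : Value" fields, up to two per line; not captured from a device.
SAMPLE_OUTPUT = """\
Session Type: Remote

Username     : jdoe                   Index        : 12
Assigned IP  : 10.10.10.5             Public IP    : 203.0.113.7
Protocol     : IPsec                  Encryption   : AES128

Username     : asmith                 Index        : 15
Assigned IP  : 10.10.10.9             Public IP    : 198.51.100.20
Protocol     : IPsec                  Encryption   : AES128

Username     : jdoe                   Index        : 19
Assigned IP  : 10.10.10.11            Public IP    : 192.0.2.44
Protocol     : IPsec                  Encryption   : AES128
"""

# One "Key : Value" field; a value ends at a run of 2+ spaces or at end of line.
FIELD = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)(?:\s{2,}|$)")


def parse_sessions(text):
    """Split the output into one dict per session; "Username" starts a new record."""
    sessions, current = [], None
    for line in text.splitlines():
        for m in FIELD.finditer(line.strip()):
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Username":
                current = {}
                sessions.append(current)
            if current is not None:  # skips header fields such as "Session Type"
                current[key] = value
    return sessions


def logoff_command(text, username):
    """Return (command, matching sessions); command is None if no session matches."""
    matches = [s for s in parse_sessions(text) if s["Username"] == username]
    if not matches:
        return None, []
    return f"vpn-sessiondb logoff name {username}", matches


if __name__ == "__main__":
    cmd, sessions = logoff_command(SAMPLE_OUTPUT, "jdoe")
    for s in sessions:
        print(s["Index"], s["Assigned IP"], s["Public IP"])
    print(cmd)
```

Reviewing the matching sessions (index, assigned IP, public IP) before running the printed command shows exactly which connections the name refers to.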
