Have you ever wondered how you logoff or disconnect a remote access VPN user on a Cisco ASA? Well there are two ways to do it. One is to use the GUI – Cisco’s ASDM and the other by using good old CLI.
On ASDM (Version 6.2)
- Click on the monitoring tab.
- Under VPN statistics, select sessions
- On the right drop down box where it says “Filter By” select IPsec Remote Access or if you are using SSL Client/Clientless VPN select the one of your choice.
- Click the Logout button!
On CLI – IPsec Remote Access VPN / Cisco Any connect VPN
For any Cisco remote access VPN, first search and see if the user is still logged in. Depending on the type of remote access VPN, enter the appropriate VPN type. Below is an output from the CLI.
sh vpn-sessiondb ?
detail Show detailed output email-proxy Email-Proxy sessions full Output formatted for data management programs index Index of session l2l IPSec LAN-to-LAN sessions ratio Show VPN Session protocol or encryption ratios remote IPSec Remote Access sessions summary Show VPN Session summary svc SSL VPN Client sessions vpn-lb VPN Load Balancing Mgmt sessions webvpn WebVPN sessions
Then to logoff the user simply enter the user-name in the command below:
vpn-sessiondb logoff name <name>
I find using the ASDM more accurate and less error prone. It also gives you a summary of the login statistics at a glance.