How to view current cisco VPN sessions

Discussion in 'Cisco' started by tissiste, May 8, 2006.

  1. tissiste

    tissiste Guest

    Hi,
    I have a Cisco PIX512 configured for Cisco VPN connections. I suspect
    someone, using one of the vpn accounts, of connecting to our network by
    opening a vpn connection. I was able to see allocated ip addresses of
    current sessions (there is 5 or 6) and I was able to see the name of
    the souspicious computer but it is protected from anonymous login or
    share. How to know which vpn account is used to connect with (I will be
    able to disable it and may be know who is the smart guy if there is
    one).

    Thank you
     
    tissiste, May 8, 2006
    #1
    1. Advertisements

  2. Try doing a "sh is sa"

    This will show you all the peers connected and their state.

    Chuck
     
    Charles U Farley, May 9, 2006
    #2
    1. Advertisements

  3. tissiste

    tissiste Guest

    With "sh is sa" I am able to see external ip addresses(and that is a
    good thing) but how to know which vpn user account has been used to
    connect with

    Thanks for your help
     
    tissiste, May 9, 2006
    #3
  4. tissiste

    Salvatore

    Joined:
    May 10, 2006
    Messages:
    7
    Likes Received:
    0
    Hi ,
    understanding who are using vpns you should look at AAA server
    (Radius or tacacs+) and in particular the Accounting informations ,
    there you can see who (username) is connected, at what time started and stopped and other interesting things like the services used.

    But You could have no AAA server but NT DC authentication :
    in such case look there in NT logs.

    regards
    Salvatore
     
    Salvatore, May 10, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.