https://community.cisco.com/t5/network-security/ipsec-vpn-trouble-users/m-p/3349804#M1030685 Are you using EZVPN?<BR /><BR />One command that might be useful is "crypto logging session", this will create a syslog event for each new VPN connection established. Fri, 16 Mar 2018 12:00:01 GMT Rob Ingram 2018-03-16T12:00:01Z https://community.cisco.com/t5/network-security/ipsec-vpn-trouble-users/m-p/3349779#M1030681 <P>Hello Team,</P> <P>&nbsp;</P> <P>My VPN seems to be working fine if thats you are wondering. My concern is much bigger.</P> <P>&nbsp;</P> <P>I am trying to see Who is Connected in the VPN (user name) since it seems that someone, something, somehow has got all the IP Pool from my vpn</P> <P>ydrovpnrouter# sh ip loca pool<BR /><BR />&nbsp;Pool&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Begin&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; End&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Free&nbsp; In use<BR />&nbsp;SDM_POOL_1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 10.10.10.1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 10.10.10.23&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 4&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 19</P> <P>&nbsp;</P> <P>I have several profiles for users to connect through IPSec Client, and I am trying to see who is connected, and if I cannot see by username, I am trying to see Public IP address.</P> <P>Commands used so far</P> <P>&nbsp;</P> <P>show aaa user all&nbsp; (get 21 output like this)</P> <P>--------------------------------------------------<BR />Unique id 1 is currently in use.<BR />Accounting:<BR />&nbsp; log=0x18001<BR />&nbsp; Events recorded :<BR />&nbsp;&nbsp;&nbsp; CALL START<BR />&nbsp;&nbsp;&nbsp; INTERIM START<BR />&nbsp;&nbsp;&nbsp; INTERIM STOP<BR />&nbsp; update method(s) :<BR />&nbsp;&nbsp;&nbsp; NONE<BR />&nbsp; update interval = 0<BR />&nbsp; Outstanding Stop Records : 0<BR />&nbsp; Dynamic attribute list:<BR />&nbsp;&nbsp;&nbsp; 43F8E1B8 0 00000001 connect-progress(35) 4 No Progress<BR />&nbsp;&nbsp;&nbsp; 43F8E1CC 0 00000001 pre-session-time(253) 4 0(0)<BR />&nbsp;&nbsp;&nbsp; 43F8E1E0 0 00000001 elapsed_time(322) 4 0(0)<BR />&nbsp;&nbsp;&nbsp; 43F8E1F4 0 00000001 pre-bytes-in(249) 4 0(0)<BR />&nbsp;&nbsp;&nbsp; 43F8E208 0 00000001 pre-bytes-out(250) 4 0(0)<BR />&nbsp;&nbsp;&nbsp; 43F8E21C 0 00000001 pre-paks-in(251) 4 0(0)<BR />&nbsp;&nbsp;&nbsp; 43F8E230 0 00000001 pre-paks-out(252) 4 0(0)<BR />&nbsp; No data for type EXEC<BR />&nbsp; No data for type CONN<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp;&nbsp;&nbsp; Session Id=00000001 Unique Id=00000001<BR />&nbsp;&nbsp;&nbsp; Start Sent=0 Stop Only=N<BR />&nbsp;&nbsp;&nbsp; stop_has_been_sent=N<BR />&nbsp;&nbsp;&nbsp; Method List=0<BR />&nbsp;&nbsp;&nbsp; Attribute list:<BR />&nbsp;&nbsp;&nbsp; 441130EC 0 00000001 session-id(320) 4 1(1)<BR />&nbsp; No data for type CMD<BR />&nbsp; No data for type SYSTEM<BR />&nbsp; No data for type RM CALL<BR />&nbsp; No data for type RM VPDN<BR />&nbsp; No data for type AUTH PROXY<BR />&nbsp; No data for type CALL<BR />&nbsp; No data for type VPDN-TUNNEL<BR />&nbsp; No data for type VPDN-TUNNEL-LINK<BR />&nbsp; No data for type 11<BR />&nbsp; No data for type IPSEC-TUNNEL<BR />&nbsp; No data for type RESOURCE<BR />Debg: No data available<BR />Radi: No data available<BR />Interface:<BR />&nbsp; TTY Num = -1<BR />&nbsp; Stop Received = 0<BR />&nbsp; Byte/Packet Counts till Call Start:<BR />&nbsp;&nbsp;&nbsp; Start Bytes In = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Start Bytes Out = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;<BR />&nbsp;&nbsp;&nbsp; Start Paks&nbsp; In = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Start Paks&nbsp; Out = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;<BR />&nbsp; Byte/Packet Counts till Service Up:<BR />&nbsp;&nbsp;&nbsp; Pre Bytes In = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Pre Bytes Out = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;<BR />&nbsp;&nbsp;&nbsp; Pre Paks&nbsp; In = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Pre Paks&nbsp; Out = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;<BR />&nbsp; Cumulative Byte/Packet Counts :<BR />&nbsp;&nbsp;&nbsp; Bytes In = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Bytes Out = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;<BR />&nbsp;&nbsp;&nbsp; Paks&nbsp; In = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Paks&nbsp; Out = 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;<BR />&nbsp; StartTime = 21:48:16 PCTime Jun 14 2017<BR />&nbsp; Component = TTI<BR />Authen: service=NONE type=NONE method=NONE<BR />Kerb: No data available<BR />Meth: No data available<BR />Preauth: No Preauth data.<BR />General:<BR />&nbsp; Unique Id = 00000001<BR />&nbsp; Session Id = 00000001<BR />&nbsp; No General Attributes.<BR />PerU: No data available<BR />Service Profile: No Service Profile data.</P> <P>&nbsp;</P> <P>sho aaa user all | i NET: Username=&nbsp;&nbsp;&nbsp; &nbsp;<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)<BR />&nbsp; NET: Username=(n/a)</P> <P>&nbsp;</P> <P>Can someone help? <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 21 Feb 2020 15:31:26 GMT https://community.cisco.com/t5/network-security/ipsec-vpn-trouble-users/m-p/3349779#M1030681 Fotiosmark 2020-02-21T15:31:26Z https://community.cisco.com/t5/network-security/ipsec-vpn-trouble-users/m-p/3349787#M1030682 Hi,<BR />You don't say what type of VPN you are running or on what device, but I assume router from your hostname of your output. I assume you are not using an external aaa server, so cannot tell from the radius accounting logs?<BR /><BR />"show crypto session" would show you the public ip addresses of active tunnels as you requested.<BR /><BR />HTH Fri, 16 Mar 2018 11:40:38 GMT https://community.cisco.com/t5/network-security/ipsec-vpn-trouble-users/m-p/3349787#M1030682 Rob Ingram 2018-03-16T11:40:38Z https://community.cisco.com/t5/network-security/ipsec-vpn-trouble-users/m-p/3349797#M1030683 i dont think there is a way to see the users since it is a router and not an ASA<BR />the sho cry session indeed shows all the peers connected under crypto. Public ips, ACLs etc. <BR />I am trying to see who is using the POOL from my VPN Ipsec Client. <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span><BR />Its a local aaa<BR />So when I am trying to see show aaa session I get the below and I don't know why<BR /> sh aaa ses<BR />Total sessions since last reload: 2667411<BR />Session Id: 1<BR /> Unique Id: 1<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /> CT Call Handle: 0<BR />Session Id: 1707429<BR /> Unique Id: 1707429<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /> CT Call Handle: 0<BR />Session Id: 1707431<BR /> Unique Id: 1707431<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /> CT Call Handle: 0<BR />Session Id: 1707433<BR /> Unique Id: 1707433<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /> CT Call Handle: 0<BR />Session Id: 1707447<BR /> Unique Id: 1707447<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /> CT Call Handle: 0<BR />Session Id: 2119827<BR /> Unique Id: 2119827<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /> CT Call Handle: 0<BR />Session Id: 2119937<BR /> Unique Id: 2119937<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /> CT Call Handle: 0<BR />Session Id: 2119959<BR /> Unique Id: 2119959<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /> CT Call Handle: 0<BR />Session Id: 2119961<BR /> Unique Id: 2119961<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /> CT Call Handle: 0<BR />Session Id: 2119966<BR /> Unique Id: 2119966<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0<BR /> Idle Time: 0<BR /><BR />Also on another router that I am using as a test, when I connect with VPN ipsec client I get the same result...<BR />ession Id: 49<BR /> Unique Id: 49<BR /> User Name: *not available*<BR /> IP Address: 0.0.0.0 &lt;-------- ????<BR /> Idle Time: 0<BR /> CT Call Handle: 0 Fri, 16 Mar 2018 11:51:38 GMT https://community.cisco.com/t5/network-security/ipsec-vpn-trouble-users/m-p/3349797#M1030683 Fotiosmark 2018-03-16T11:51:38Z https://community.cisco.com/t5/network-security/ipsec-vpn-trouble-users/m-p/3349804#M1030685 Are you using EZVPN?<BR /><BR />One command that might be useful is "crypto logging session", this will create a syslog event for each new VPN connection established. Fri, 16 Mar 2018 12:00:01 GMT https://community.cisco.com/t5/network-security/ipsec-vpn-trouble-users/m-p/3349804#M1030685 Rob Ingram 2018-03-16T12:00:01Z