IPSEC VPN trouble users?

Fotiosmark
Level 1

Hello Team,

My VPN seems to be working fine, if that's what you are wondering. My concern is much bigger.

I am trying to see who is connected to the VPN (user name), since it seems that someone, something, somehow has got all the IP pool from my VPN.

ydrovpnrouter# sh ip loca pool

 Pool                     Begin           End             Free  In use
 SDM_POOL_1               10.10.10.1      10.10.10.23        4      19

I have several profiles for users to connect through the IPsec Client, and I am trying to see who is connected; if I cannot see by username, I am trying to see the public IP address.

Commands used so far:

show aaa user all (I get 21 outputs like this)

--------------------------------------------------
Unique id 1 is currently in use.
Accounting:
  log=0x18001
  Events recorded :
    CALL START
    INTERIM START
    INTERIM STOP
  update method(s) :
    NONE
  update interval = 0
  Outstanding Stop Records : 0
  Dynamic attribute list:
    43F8E1B8 0 00000001 connect-progress(35) 4 No Progress
    43F8E1CC 0 00000001 pre-session-time(253) 4 0(0)
    43F8E1E0 0 00000001 elapsed_time(322) 4 0(0)
    43F8E1F4 0 00000001 pre-bytes-in(249) 4 0(0)
    43F8E208 0 00000001 pre-bytes-out(250) 4 0(0)
    43F8E21C 0 00000001 pre-paks-in(251) 4 0(0)
    43F8E230 0 00000001 pre-paks-out(252) 4 0(0)
  No data for type EXEC
  No data for type CONN
  NET: Username=(n/a)
    Session Id=00000001 Unique Id=00000001
    Start Sent=0 Stop Only=N
    stop_has_been_sent=N
    Method List=0
    Attribute list:
    441130EC 0 00000001 session-id(320) 4 1(1)
  No data for type CMD
  No data for type SYSTEM
  No data for type RM CALL
  No data for type RM VPDN
  No data for type AUTH PROXY
  No data for type CALL
  No data for type VPDN-TUNNEL
  No data for type VPDN-TUNNEL-LINK
  No data for type 11
  No data for type IPSEC-TUNNEL
  No data for type RESOURCE
Debg: No data available
Radi: No data available
Interface:
  TTY Num = -1
  Stop Received = 0
  Byte/Packet Counts till Call Start:
    Start Bytes In = 0             Start Bytes Out = 0         
    Start Paks  In = 0             Start Paks  Out = 0         
  Byte/Packet Counts till Service Up:
    Pre Bytes In = 0             Pre Bytes Out = 0         
    Pre Paks  In = 0             Pre Paks  Out = 0         
  Cumulative Byte/Packet Counts :
    Bytes In = 0             Bytes Out = 0         
    Paks  In = 0             Paks  Out = 0         
  StartTime = 21:48:16 PCTime Jun 14 2017
  Component = TTI
Authen: service=NONE type=NONE method=NONE
Kerb: No data available
Meth: No data available
Preauth: No Preauth data.
General:
  Unique Id = 00000001
  Session Id = 00000001
  No General Attributes.
PerU: No data available
Service Profile: No Service Profile data.
sho aaa user all | i NET: Username=     
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)
  NET: Username=(n/a)

Can someone help? :)


3 Replies

Hi,
You don't say what type of VPN you are running or on what device, but I assume a router from the hostname in your output. I assume you are not using an external AAA server, so you cannot tell from the RADIUS accounting logs?

"show crypto session" would show you the public IP addresses of active tunnels as you requested.

HTH
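To act on the advice above, here is an added example (not part of the original thread) that parses saved "show crypto session" output together with the poster's "sh ip local pool" table and reports how many pool addresses are in use without a matching UP-ACTIVE tunnel. The "show crypto session" sample is constructed, and its layout (Peer line, then an IPSEC FLOW line naming the assigned host address) is assumed from typical IOS output.

```python
import re
# Constructed sample of "show crypto session" output (layout assumed from
# typical IOS output, not taken from the original post).
SHOW_CRYPTO_SESSION = """\
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 203.0.113.5 port 500
  IKE SA: local 198.51.100.1/500 remote 203.0.113.5/500 Active
  IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 10.10.10.3
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 198.51.100.77 port 4500
  IKE SA: local 198.51.100.1/4500 remote 198.51.100.77/4500 Active
  IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 10.10.10.9
"""
# Pool table in the same layout as the poster's "sh ip local pool" output.
SHOW_IP_LOCAL_POOL = """\
 Pool                     Begin           End             Free  In use
 SDM_POOL_1               10.10.10.1      10.10.10.23        4      19
"""

def parse_crypto_sessions(text):
    """Map assigned pool address -> peer public IP for UP-ACTIVE sessions."""
    sessions, peer, active = {}, None, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Session status:"):
            active = "UP-ACTIVE" in line
        elif line.startswith("Peer:"):
            peer = line.split()[1]
        elif line.startswith("IPSEC FLOW:") and active and peer:
            m = re.search(r"host (\d+\.\d+\.\d+\.\d+)", line)
            if m:
                sessions[m.group(1)] = peer
    return sessions

def parse_pool_in_use(text):
    """Return (pool name, 'In use' count) from the first data row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[4].isdigit():
            return parts[0], int(parts[4])
    raise ValueError("no pool row found")

def reconcile(pool_text, session_text):
    """Positive 'unaccounted' = leases held with no matching live tunnel."""
    name, in_use = parse_pool_in_use(pool_text)
    sessions = parse_crypto_sessions(session_text)
    return {"pool": name, "in_use": in_use, "active_tunnels": len(sessions),
            "unaccounted": in_use - len(sessions), "peers": sessions}
```

A large "unaccounted" gap points at stale pool leases rather than live intruders, while the "peers" map gives the public address behind each allocated pool IP to check against expected users.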

I don't think there is a way to see the users since it is a router and not an ASA.
The sho cry session indeed shows all the peers connected under crypto: public IPs, ACLs etc.
I am trying to see who is using the pool from my VPN IPsec Client. :(
It's a local AAA.
So when I am trying to see show aaa session I get the below and I don't know why:
sh aaa ses
Total sessions since last reload: 2667411
Session Id: 1
Unique Id: 1
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0
CT Call Handle: 0
Session Id: 1707429
Unique Id: 1707429
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0
CT Call Handle: 0
Session Id: 1707431
Unique Id: 1707431
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0
CT Call Handle: 0
Session Id: 1707433
Unique Id: 1707433
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0
CT Call Handle: 0
Session Id: 1707447
Unique Id: 1707447
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0
CT Call Handle: 0
Session Id: 2119827
Unique Id: 2119827
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0
CT Call Handle: 0
Session Id: 2119937
Unique Id: 2119937
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0
CT Call Handle: 0
Session Id: 2119959
Unique Id: 2119959
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0
CT Call Handle: 0
Session Id: 2119961
Unique Id: 2119961
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0
CT Call Handle: 0
Session Id: 2119966
Unique Id: 2119966
User Name: *not available*
IP Address: 0.0.0.0
Idle Time: 0

Also on another router that I am using as a test, when I connect with the VPN IPsec client I get the same result...
Session Id: 49
Unique Id: 49
User Name: *not available*
IP Address: 0.0.0.0 <-------- ????
Idle Time: 0
CT Call Handle: 0

Are you using EZVPN?

One command that might be useful is "crypto logging session", this will create a syslog event for each new VPN connection established.