06-03-2013 01:44 PM - edited 02-21-2020 06:56 PM
Can anyone help me figure out why my "sh vpn-sessiondb anyconnect" doesn't parse the username properly. Here is a picture of what its doing, and what I'm expecting.
It's saying "Users" instead of "Dan Bryan"
I am using the default Microsoft Users certificate template.
Solved! Go to Solution.
06-06-2013 02:55 PM
Sorry my system crashed so no access to emails. I would like you to try a command username-from-certificate cn under webvpn attributes.
Sent from Cisco Technical Support Android App
06-03-2013 04:24 PM
Can you paste the output of show run tunnel-group
Jatin Katyal
- Do rate helpful posts -
06-04-2013 08:51 AM
asa# show run tunnel-group Securesub
tunnel-group Securesub type remote-access
tunnel-group Securesub general-attributes
address-pool VPN_POOL
authentication-server-group SECURESUB_LDAP LOCAL
default-group-policy Securesub
tunnel-group Securesub webvpn-attributes
authentication certificate
group-alias Se3curesub disable
group-alias Securesub enable
06-06-2013 11:12 AM
Bump... Any ideas on this?
06-06-2013 02:55 PM
Sorry my system crashed so no access to emails. I would like you to try a command username-from-certificate cn under webvpn attributes.
Sent from Cisco Technical Support Android App
06-07-2013 08:04 AM
It doesn't seem like you can issue that command under webvpn-attributes, but I was able to do it under general-attributes. I logged off and back onto the VPN, and it still shows as Users
asa(config)# show run tunnel-group Securesub
tunnel-group Securesub type remote-access
tunnel-group Securesub general-attributes
address-pool VPN_POOL
authentication-server-group SECURESUB_LDAP LOCAL
default-group-policy Securesub
username-from-certificate CN
tunnel-group Securesub webvpn-attributes
authentication certificate
group-alias Securesub enable
asa(config)# tunnel-group Securesub general-attributes
asa(config-tunnel-general)# username-from-certificate cn
asa(config-tunnel-general)# sh vpn-sessiondb anyconnect
Session Type: AnyConnect
Username : Users Index : 176
Assigned IP : x.x.x.x Public IP : x.x.x.x
Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License : AnyConnect Essentials
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)RC4 DTLS-Tunnel: (1)AES128
Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA1 DTLS-Tunnel: (1)SHA1
Bytes Tx : 174804 Bytes Rx : 87313
Group Policy : Securesub Tunnel Group : Securesub
Login Time : 10:16:24 EDT Fri Jun 7 2013
Duration : 0h:03m:52s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
06-07-2013 08:13 AM
I changed it to:
username-from-certificate use-entire-name
and it gave me the following output which is acceptable.
Username : e=Dan.Bryan@securesub.net,cn=Dan Bryan,cn=Users,dc=securesub,dc=net
I would still prefer for it to just say "Dan Bryan" but it looks like having 2 CN's is throwing it off.
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: