Cisco AnyConnect VPN firewall not showing any ISAKMP SA connection in show command?

Vasanth R
Level 1

Hi all,

 

I'm new to Cisco VPN. I tried the show crypto isakmp sa command on an AnyConnect-enabled Cisco ASA and it shows no ISAKMP SA. Is that normal behaviour even if any AnyConnect client is actively connected?

 

Thanks in advance

1 Accepted Solution

Marvin Rhoads
Hall of Fame

Unless you have your remote access VPN set up to use IKEv2 (uncommon), then it uses SSL/TLS, not IPsec (with ISAKMP Security Associations).

 

To see the connection status of your AnyConnect clients, use the command:

 

show vpn-sessiondb anyconnect

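The distinction made in the answer above can be read straight from the session table. The following is an added example, not part of the original post and not Cisco code: it parses `show vpn-sessiondb anyconnect` output and reports, per session, whether an IKE SA should be expected. The sample sessions are constructed, and the IKEv2 protocol tokens (`IKEv2`, `IPsecOverNatT`) and all function names are assumptions.

```python
import re

# Constructed sample modelled on the output quoted in this thread. The tokens
# on bob's Protocol line are an assumption about how an IKEv2 session is listed.
SAMPLE = """\
Session Type: AnyConnect

Username     : alice
Assigned IP  : 192.0.2.55
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel

Username     : bob
Assigned IP  : 192.0.2.56
Protocol     : IKEv2 IPsecOverNatT AnyConnect-Parent
"""

# Field name, optional colon, then the value.
FIELD = re.compile(r"^(Username|Assigned IP|Protocol)\s*:?\s*(.+?)\s*$")

def parse_sessions(text):
    """Return one dict per session; each Username line starts a new session."""
    sessions = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.groups()
        if key == "Username":
            sessions.append({})
        if sessions:
            # Keep all Protocol tokens; for other fields keep the first token only.
            sessions[-1][key] = value if key == "Protocol" else value.split()[0]
    return sessions

def transport(session):
    """Classify a session by its Protocol tokens."""
    tokens = session.get("Protocol", "").split()
    if any(t.startswith(("IKE", "IPsec")) for t in tokens):
        return "ikev2-ipsec"   # negotiated with IKE, so an IKEv2 SA exists
    if any(t in ("SSL-Tunnel", "DTLS-Tunnel") for t in tokens):
        return "ssl-tls"       # TLS/DTLS only, no ISAKMP/IPsec SA
    return "unknown"

def report(text):
    """Return (username, transport, ike_sa_expected) for every session."""
    return [(s.get("Username"), transport(s), transport(s) == "ikev2-ipsec")
            for s in parse_sessions(text)]
```

Calling `report()` on captured output gives one tuple per session; a session classified `ssl-tls` with no entry in `show crypto isakmp sa` is the expected state, not a fault.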

6 Replies

balaji.bandi
Hall of Fame

Try the commands below:

show vpn-sessiondb ? - this will give you the options.

 

show vpn-sessiondb remote

show vpn-sessiondb summary

BB


Thank you for the swift response.

Yes, I can see the output of the vpn session db command, as below.

But I just wanted to know why there is no SA when a Cisco AnyConnect VPN client is connected to the ASA firewall?

FYI - I can see the details of the connected client in the first command, but no SA is found on that firewall. Is that the normal behavior?

Is it that the ISAKMP & IPsec SAs are created only for L2L VPN tunnels?

 

0012-asa-5585b# show vpn-sessiondb anyconnect

Session Type: AnyConnect
Username:vxxx1
Assigned IP 192.16.10.55
Protocol AnyConnect-Parent SSL-Tunnel DTLS-Tunnel

0012-asa-5585b# show crypto isakmp sa

There are no IKEv1 SAs

There are no IKEv2 SAs

0012-asa-5585b# show crypto ipsec sa

There are no ipsec sas

Adding to the other post - if you are looking for VPN user connections, that is the command to use to get the details.

 

BB


Thank you Balaji.

Thank you Marvin. Well explained

Thanks again.