02-08-2013 03:28 AM
Does anyone know of a way to clear or configure a setting to clear Up and Idle vpn sessions.
The text below shows an edited 'sh cry sess brief'
Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating
K - No IKE
ivrf = xxxxxxxxx
Peer I/F Username Group/Phase1_id Uptime Status
a.d.e.159 Gi0/0 cust. id 07:47:39 UA
a.d.e.110 Gi0/0 cust. id 00:04:14 UA
a.f.g.222 Gi0/0 cust. id 01:37:20 UA
d.f.g.222 Gi0/0 cust. id UI
a.d.e.205 Gi0/0 cust. id UI
a.d.e.205 Gi0/0 cust. id 00:40:29 UI
a.d.e.205 Gi0/0 cust. id 00:47:14 UI
a.d.e.205 Gi0/0 cust. id 00:59:11 UI
a.b.c.152 Gi0/0 cust. id UI
a.b.c.152 Gi0/0 cust. id 02:49:20 UI
a.b.c.152 Gi0/0 cust. id UI
a.b.c.152 Gi0/0 cust. id 08:47:45 UI
a.b.c.152 Gi0/0 cust. id 10:56:47 UI
As it appears that the users at the remote end are not terminating their vpn sessions correctly and want to clear the unused sessions.
Thanks
02-08-2013 03:54 AM
You can clear the sessions with the following command:
rtr#clear crypto session ?
active Clears HA-enabled crypto sessions in the active state
fvrf Front-door VRF
isakmp Clear crypto sessions belonging to the group
ivrf Inside VRF
local Clear crypto sessions for a local crypto endpoint
remote Clear crypto sessions for a remote IKE peer
standby Clears HA-enabled crypto sessions in the standby state
username Clear crypto sessions of a user
But there is no option to clear only the idle sessions. You have to clear them individually.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
02-08-2013 03:59 AM
Yes, I known I can clear them manually, I was hoping that there may be a idle-time out setting or something along those lines that would detect no traffic on the vpn session and clear them that way.
02-08-2013 04:53 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: