Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2462
Views
0
Helpful
3
Replies

VPN Up and Idle Sessions - How to clear ?

Stephen Carter
Level 1
Level 1

‎02-08-2013 03:28 AM

Does anyone know of a way to clear or configure a setting to clear Up and Idle vpn sessions.

The text below shows an edited 'sh cry sess brief'

Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating
        K - No IKE
ivrf = xxxxxxxxx

           Peer     I/F        Username          Group/Phase1_id   Uptime Status
     a.d.e.159   Gi0/0                                cust. id 07:47:39    UA
     a.d.e.110   Gi0/0                                cust. id 00:04:14    UA
     a.f.g.222   Gi0/0                                cust. id 01:37:20    UA
     d.f.g.222   Gi0/0                                cust. id                  UI
     a.d.e.205   Gi0/0                                cust. id                  UI
     a.d.e.205   Gi0/0                                cust. id 00:40:29    UI
     a.d.e.205   Gi0/0                                cust. id 00:47:14    UI
     a.d.e.205   Gi0/0                                cust. id 00:59:11    UI
     a.b.c.152   Gi0/0                                cust. id                  UI
     a.b.c.152   Gi0/0                                cust. id 02:49:20    UI
     a.b.c.152   Gi0/0                                cust. id                  UI
     a.b.c.152   Gi0/0                                cust. id 08:47:45    UI
     a.b.c.152   Gi0/0                                cust. id 10:56:47    UI

As it appears that the users at the remote end are not terminating their vpn sessions correctly and want to clear the unused sessions.

Thanks

Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎02-08-2013 03:54 AM

You can clear the sessions with the following command:

rtr#clear crypto session ?

  active    Clears HA-enabled crypto sessions in the active state

  fvrf      Front-door VRF

  isakmp    Clear crypto sessions belonging to the group

  ivrf      Inside VRF

  local     Clear crypto sessions for a local crypto endpoint

  remote    Clear crypto sessions for a remote IKE peer

  standby   Clears HA-enabled crypto sessions in the standby state

  username  Clear crypto sessions of a user

 

But there is no option to clear only the idle sessions. You have to clear them individually.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Stephen Carter
Level 1
Level 1
In response to Karsten Iwen

‎02-08-2013 03:59 AM

Yes, I known I can clear them manually, I was hoping that there may be a idle-time out setting or something along those lines that would detect no traffic on the vpn session and clear them that way.

0 Helpful
Customers Also Viewed These Support Documents