03-31-2020 04:29 AM
What is the meaning of syslog message 113019?
Reason
1. User Requested
- My understanding: this message means the user requested to disconnect the session. Is that correct?
2. Lost Carrier
- Please suggest
3. Lost Service
- Please suggest
4. Unknown
- Please suggest
Thank you
03-31-2020 05:33 AM - edited 03-31-2020 05:36 AM
Looking for more information about those %ASA-4-113019 session disconnects in your logs, especially the elusive “administrator reset”?
So was I. So I did a few experiments to see which “reason” my Cisco ASA gave me under different circumstances.
In my ASA logs, I typically saw four “reasons” for disconnects, for which there was zero explanation in Cisco’s documentation:
Administrator Reset
User Requested
Lost Service
Peer Reconnected
Here’s what I found typically for each “reason” for the disconnect. Leave me a note if you’ve found more & I’ll add them to this post.
Reason: Administrator Reset
I saw this elusive, not quite aptly named “reason” in these instances:
When my primary Internet connection failed. In my log reading, I saw this error prior to the client VPN disconnect:
%ASA-6-622001: Removing tracked route 0.0.0.0 0.0.0.0 <snip>
and then this message for a few VPN users, which is a clue also:
%ASA-4-113019: Group = group_name, Username = name, IP = x.x.x.x, Session disconnected. Session Type: IPsecOverNatT, Duration: h:m:s, Bytes xmt: x, Bytes rcv: x, Reason: Administrator Reset
Note: you’ll only see the ASA-622001 message if you’re using tracked routes to fail over to a backup Internet connection.
When I forcibly disconnected the user account with:
# vpn-sessiondb logoff name name
But I don’t do that often, or I’d end up with really annoyed users!
Reason: User Requested
Not surprisingly, I saw this “reason” for the disconnect when I disconnected my VPN client.
Reason: Peer Reconnected
I saw this “reason” when I turned off wireless on my laptop before disconnecting VPN.
Reason: Lost Service
I saw this “reason” when I disconnected the cable between my wireless router and the Internet — simulating a drop from my Internet provider.
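A way to triage these entries in bulk, as an added example that is not part of the original post: it parses 113019 disconnects and marks each "Administrator Reset" that follows a 622001 tracked-route removal, the pattern the poster saw on uplink failure. The ISO timestamp prefix, the 60-second window, and the users and addresses in the sample are assumptions; the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample. The ISO timestamp prefix is an assumption (e.g. added by
# a log collector); the message bodies follow the format quoted in the post.
SAMPLE = """\
2020-03-31T04:10:02 %ASA-6-622001: Removing tracked route 0.0.0.0 0.0.0.0 <snip>
2020-03-31T04:10:05 %ASA-4-113019: Group = staff, Username = alice, IP = 198.51.100.7, Session disconnected. Session Type: IPsecOverNatT, Duration: 1h:02m:10s, Bytes xmt: 1200, Bytes rcv: 3400, Reason: Administrator Reset
2020-03-31T09:30:00 %ASA-4-113019: Group = staff, Username = bob, IP = 198.51.100.8, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:20m:00s, Bytes xmt: 10, Bytes rcv: 20, Reason: Administrator Reset
2020-03-31T10:00:00 %ASA-4-113019: Group = staff, Username = carol, IP = 198.51.100.9, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:05m:00s, Bytes xmt: 10, Bytes rcv: 20, Reason: Lost Service
"""

# Accept "-" or an en-dash before the message ID: logs pasted through blogs or
# forums often have the hyphen converted typographically.
MSG = re.compile(r"^(\S+) %ASA-\d[-\u2013](\d{6}): (.*)$")
DISC = re.compile(r"Username = (.+?), IP = (\S+), Session disconnected\..*Reason: (.+)$")


def classify(lines, window=timedelta(seconds=60)):
    """Return (username, reason, note) for every 113019 disconnect line."""
    last_route_removal = None
    results = []
    for line in lines:
        m = MSG.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # timestamp prefix not in the assumed format
        msg_id, body = m.group(2), m.group(3)
        if msg_id == "622001" and body.startswith("Removing tracked route"):
            last_route_removal = ts
        elif msg_id == "113019":
            d = DISC.search(body)
            if not d:
                continue
            user, reason, note = d.group(1), d.group(3).strip(), ""
            if reason == "Administrator Reset":
                near = (last_route_removal is not None
                        and timedelta(0) <= ts - last_route_removal <= window)
                note = "after tracked-route removal" if near else "no route event nearby"
            results.append((user, reason, note))
    return results


if __name__ == "__main__":
    for row in classify(SAMPLE.splitlines()):
        print(row)
```

An "Administrator Reset" with no route event nearby is the case to check against change records for a manual `vpn-sessiondb logoff`.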
03-31-2020 05:39 AM
03-31-2020 05:53 AM
Lost Carrier
means lost connection to the peer; it could be a link failure of the outside interface where the tunnel is set up.
Unknown: no idea, unless you set up a capture and capture the ASP drop; this could give you valuable information. I just checked the Cisco documentation; there is nothing mentioned on Unknown.
03-31-2020 05:55 AM
03-31-2020 06:05 AM
03-31-2020 06:13 AM
Happy to help. Not long ago we had a similar issue and I was digging into this but could not find any information. I labbed it up and proved the concept. Please do not forget to mark this as the answer, as it will help other engineers like you and me, and might help Cisco TAC too.
03-31-2020 06:22 AM