First, review some of the available commands with vpn-sessiondb:
ciscoasa# vpn-sess logoff ?
  all           All sessions
  email-proxy   Email-Proxy sessions
  index         Index specific session
  ipaddress     IP Address specific sessions
  l2l           IPsec LAN-to-LAN sessions
  name          Username specific sessions
  protocol      Protocol specific sessions
  remote        IPsec Remote Access sessions
  svc           SSL VPN Client sessions
  tunnel-group  Tunnel-group sessions
  vpn-lb        VPN Load Balancing Mgmt sessions
  webvpn        WebVPN sessions
Here’s how I log off a VPN session from an ASA. You can also log off all sessions.
Log off single session based on index.
First, get the index.
# show vpn-sessiondb remote
Username     : remoteuser1            Index        : 10030
Assigned IP  : 172.16.0.182           Public IP    : 1.2.3.4
Protocol     : IKE IPsecOverNatT
License      : IPsec
Encryption   : DES 3DES               Hashing      : MD5 SHA1
Bytes Tx     : 220                    Bytes Rx     : 844
Group Policy : MyGroupPolicy          Tunnel Group : tpm
Login Time   : 09:59:32 EDT Wed Sep 21 2011
Duration     : 0h:01m:15s
Inactivity   : 0h:00m:00s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none
Look for the user and the associated Index value (10030 in this example).
Log off that specific ID:
# vpn-sessiondb logoff index 10030
Do you want to logoff the VPN session(s)? [confirm]
INFO: Session with Index = 10030 has been logged off
Note that you can also log off a specific session based on name (as well as index) if you know the name.
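When one account has to be cut off quickly, the index lookup above can be scripted. The following parser is an added example, not part of the original post: it reads saved `show vpn-sessiondb remote` output, collects the index of every session for one exact username, and prints the logoff commands for review. The sample listing (including the second and third sessions) is constructed, and the function names are illustrative.

```python
import re

# Constructed sample in the layout of the 'show vpn-sessiondb remote' output
# above; a line can hold one or two "Key : value" pairs. All values are made up.
SAMPLE = """\
Username     : remoteuser1            Index        : 10030
Assigned IP  : 172.16.0.182           Public IP    : 1.2.3.4
Login Time   : 09:59:32 EDT Wed Sep 21 2011
Duration     : 0h:01m:15s

Username     : remoteuser10           Index        : 10031
Assigned IP  : 172.16.0.183           Public IP    : 203.0.113.9
Login Time   : 10:02:11 EDT Wed Sep 21 2011

Username     : remoteuser1            Index        : 10042
Assigned IP  : 172.16.0.190           Public IP    : 203.0.113.77
Login Time   : 10:05:48 EDT Wed Sep 21 2011
"""

# A key ends at " : "; a value ends at a run of 2+ spaces that starts the
# next key, or at end of line. Colons inside values (times) have no spaces.
PAIR = re.compile(
    r"([A-Za-z][A-Za-z ]*?)\s*: (.*?)(?=\s{2,}[A-Za-z][A-Za-z ]*?\s*: |\s*$)"
)

def parse_sessions(text):
    """Split the output into one dict per session (a session starts at Username)."""
    sessions = []
    for line in text.splitlines():
        for key, value in PAIR.findall(line):
            if key == "Username":
                sessions.append({})
            if sessions:
                sessions[-1][key] = value
    return sessions

def logoff_commands(text, username):
    """Return a 'vpn-sessiondb logoff index N' line for each session of username."""
    return [
        f"vpn-sessiondb logoff index {s['Index']}"
        for s in parse_sessions(text)
        # Exact match, so remoteuser1 does not also select remoteuser10.
        if s.get("Username") == username and s.get("Index", "").isdigit()
    ]

if __name__ == "__main__":
    for cmd in logoff_commands(SAMPLE, "remoteuser1"):
        print(cmd)
```

A user can hold more than one session at a time, so the script emits one command per matching index instead of stopping at the first hit.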
You can log off all sessions by simply using:
vpn-sessiondb logoff all