Many IT groups put a lot of effort into providing IPv6 access within the traditional boundaries of their enterprise and often delay supporting those users who work remotely.

■ IPv6 remote access over Cisco VPN Client: This section discusses providing IPv6 access to enterprise services over an IPsec session using the Cisco VPN Client and host-based IPv6 tunnels.
■ IPv6 remote access over Cisco AnyConnect: This section covers providing IPv6 access to enterprise services over a dual-stack SSL VPN session using the Cisco AnyConnect SSL VPN Client.

The use of the AnyConnect client can be enabled through the purchase of an Essential VPN license, which enables the basic AnyConnect features, including IPsec IKEv2 and SSL VPN access.

This topic covers the following subjects:

Run the “show version” command to view the maximum number of allowed AnyConnect peers. More details for the command options can be found below:

Issue the command “show vpn-sessiondb anyconnect” to get details of the remote users connected via AnyConnect.

Indeni will alert if there is a high number of concurrent AnyConnect VPN users.

Note: installed at indeni lab for live testing
Output #5 (reference to the device data in the Script Input section)
Cisco Adaptive Security Appliance Software Version 9.9(1)

Output #4 (reference to the device data in the Script Input section)
Cisco Adaptive Security Appliance Software Version 9.1(7)23

Output #3 (reference to the device data in the Script Input section)
Cisco Adaptive Security Appliance Software Version 9.1(1)

Output #2 (reference to the device data in the Script Input section)
ASA 5516-X with FirePOWER services, 8GE, AC, DES
Cisco Adaptive Security Appliance Software Version 9.12(2)1

Output #1 (reference to the device data in the Script Input section)
ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC
Cisco Adaptive Security Appliance Software Version 9.9(2)52

The value of the metric should be equal to the number of times that the string "username" appears in the output.
For instance, for the next example it should be total-anyconnect-vpn-users=2 since the string username appears twice.

The tag "name" should provide the following information for all the users, and this tag will be used when the alert is triggered.

The script should publish the following tags
The script should read the ASA output and generate a double metric 'total-anyconnect-vpn-users' which has the total number of users.

"username": local IP "local-ip" Remote IP "remote-ip" and logged in "login-time"

The tag name should provide the following information for all the users
User: 'username' with local IP 'local-ip' logged in "login-time"

Group Policy : GroupPolicy_sslvpn Tunnel Group : sslvpn
Hashing : AnyConnect-Parent: (1)SHA1 SSL-Tunnel: (1)SHA1 DTLS-Tunnel: (1)SHA1
Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES256 DTLS-Tunnel: (1)AES256

More information can be found in this Configuration Guide:

Assigned IP : 10.10.8.26 Public IP : 5.203.255.118

The script runs the Cisco ASA command "show vpn-sessiondb anyconnect" to retrieve this information.
Provide useful information for the remote users connected via AnyConnect VPN, such as username, local IP address and login time.

More information can be found in the following Configuration Guide:

An administrator can run the Cisco ASA command "show vpn-sessiondb anyconnect" over an SSH connection to retrieve the same information.

In addition, insight is provided for the remote users connected via AnyConnect
Description: Check the number of VPN users via AnyConnect

Check the total number of concurrent remote users connected via AnyConnect VPN in order to catch any case of exceeding the license limit.
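
The metric and "name" tag described above, as an added Python example that is not the Indeni script itself. The sample output is constructed (the field layout, the usernames and the "; " separator between users are assumptions); it counts "Username :" field labels at the start of a line instead of raw substring hits, so a value such as a group policy containing "username" does not inflate the count.

```python
import re

# Constructed sample of "show vpn-sessiondb anyconnect" output (not captured from a device).
SAMPLE = """\
Session Type: AnyConnect

Username     : alice                  Index        : 25
Assigned IP  : 10.10.8.26             Public IP    : 5.203.255.118
Group Policy : GroupPolicy_sslvpn     Tunnel Group : sslvpn
Login Time   : 10:12:33 UTC Mon Mar 2 2020

Username     : bob                    Index        : 31
Assigned IP  : 10.10.8.27             Public IP    : 203.0.113.45
Group Policy : username_test_policy   Tunnel Group : sslvpn
Login Time   : 10:40:02 UTC Mon Mar 2 2020
"""

USERNAME = re.compile(r"^Username\s*:\s*(\S+)")
FIELDS = {
    "local-ip": re.compile(r"\bAssigned IP\s*:\s*(\S+)"),
    "remote-ip": re.compile(r"\bPublic IP\s*:\s*(\S+)"),
    "login-time": re.compile(r"^Login Time\s*:\s*(.+)$"),
}

def parse_sessions(output):
    """Return one dict per session; a session starts at each 'Username :' line."""
    sessions = []
    for line in output.splitlines():
        line = line.strip()
        m = USERNAME.match(line)
        if m:
            sessions.append({"username": m.group(1)})
        elif sessions:  # ignore banner lines before the first session
            for key, rx in FIELDS.items():
                m = rx.search(line)
                if m:
                    sessions[-1][key] = m.group(1)
    return sessions

def build_metric(output):
    """Build the double metric and the 'name' tag in the format given above."""
    sessions = parse_sessions(output)
    name = "; ".join(  # "; " between users is an assumption of this example
        '"{}": local IP "{}" Remote IP "{}" and logged in "{}"'.format(
            s["username"], s.get("local-ip", "unknown"),
            s.get("remote-ip", "unknown"), s.get("login-time", "unknown"))
        for s in sessions)
    return {"total-anyconnect-vpn-users": float(len(sessions)), "name": name}
```

On this sample a case-insensitive substring count of "username" gives 3, while the label-anchored count gives the 2 sessions actually present.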