By using this command, you can gather almost any information you need on user SSL VPN sessions on the router. Hide-urlbar file-access file-browse file-entry svc-enabled port-forward-auto-download-enabled citrix disabled address pool name = "sslvpnpool"ĭpd client timeout = 300 sec dpd gateway timeout = 300 sec keep sslvpn client installed = enabled rekey interval = 3600 sec rekey method = new-tunnel lease duration = 43200 sec split include = 192.168.1.0 255.255.255.0Īnother useful command for monitoring or even troubleshooting SSL VPN sessions on the Cisco IOS router is the show webvpn stats detail command. Idle timeout = 2100 sec session timeout = 43200 sec port forward name = "TerminalServer" Group name = SecureMeDefaultPolicy Group Policy Parameters url list name = "WebOutlook"Ĭifs url list name = "InternalFileServer" WebVPN user name = sslvpnuser IP address = 209.165.200.230 context = SecureMeContextĬSD Web Browsing Disabled CSD Port Forwarding Allowed CSD Full Tunneling Disabled CSD File Access Allowed Client Port: 1707Įxample 6-38 Output of the show webvpn session Command (Continued) It shows you not only the SSL VPN session statistics for a user but also provides information on CSD and indicates what policies are applied for that specific session.Įxample 6-38 Output of the show webvpn session CommandĬhicago# show webvpn session user sslvpnuser context SecureMeContext
Example 6-38 shows the output of this command. For example, you can type the show webvpn session user sslvpnuser context securemecontext command to see most of the information that was shown in Figure 6-47. You can also monitor the SSL VPN connections through the CLI. SDM also shows the values of the applied group policies, such as the applied URL, port forwarding, and NBNS list names.įigure 6-47 Monitoring SSL VPN Sessions Through SDM The applied group policy is SecureMeGroupPolicy. The user computer's IP address is 209.165.200.230 and the user session was created 27 seconds ago. As shown in Figure 6-47, an active clientless connection is created by a user called sslvpnuser. The Cisco IOS router shows you all the active VPN sessions for the SecureMeContext context. You can achieve this by choosing Monitor > VPN Status > SSL VPN (All Contexts) > SecureMeContext > Users. To monitor SSL VPN sessions, the first step is to check how many active SSL VPN tunnels are established on the IOS router. This section discusses the monitoring steps that are available to help you run the SSL VPN solution smoothly on the IOS router.
0 kommentar(er)
