Logging Off AnyConnect Client Sessions - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual

Administration guide

Chapter 9
Monitoring and Maintaining the AnyConnect Client
Viewing AnyConnect Client and SSL VPN Sessions
This command affects only the AnyConnect Client. The Cisco SSL VPN Client (SVC) is not capable of
adjusting to different MTU sizes.
The default size for this command in the default group policy is 1406. The MTU size is adjusted
automatically based on the MTU of the interface that the connection uses, minus the IP/UDP/DTLS
overhead.
This command affects AnyConnect Client connections established in SSL and those established in SSL
with DTLS.
The following example configures the MTU size to 1200 bytes for the group policy telecommuters:
hostname(config)# group-policy telecommuters attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc mtu 1200
Many consumer-grade end-user terminating devices (for example, a home router) do not properly handle
the creation or assembly of IP fragments. This is particularly true of UDP. Because DTLS is a UDP-based
protocol, it is sometimes necessary to reduce the MTU to prevent fragmentation. Both the client and the
security appliance use the MTU parameter to set the maximum size of the packet to be transmitted
over the tunnel. If an end user is experiencing a significant number of lost packets, or if an application
such as Microsoft Outlook is not functioning over the tunnel, it might indicate a fragmentation issue.
Lowering the MTU for that user or group of users may address the problem.
The client proposes an MTU value that is 94 bytes less than the MTU of the physical adapter used for
the SSL and DTLS connection to the security appliance. The security appliance accepts the lesser of the
configured MTU or the value proposed by the client. Both the client and the security appliance use the
value selected by the security appliance.
For example, if the physical adapter on the PC has been changed to use an MTU of 1300, then the client
proposes an MTU of 1206 to the security appliance. If the security appliance is set for a value lower than
1206, both the client and the security appliance use the lower value that was set using the MTU
configuration command.

Logging Off AnyConnect Client Sessions

To log off all AnyConnect Client and SSL VPN sessions, use the vpn-sessiondb logoff svc command in
global configuration mode:
vpn-sessiondb logoff svc
In response, the system asks you to confirm that you want to log off the VPN sessions. To confirm, press
Enter or type y. Pressing any other key cancels the logoff.
The following example logs off all SSL VPN sessions:
hostname# vpn-sessiondb logoff svc
INFO: Number of sessions of type "svc" logged off : 1
Do you want to logoff the VPN session(s)? [confirm]
INFO: Number of sessions logged off : 6
hostname#
You can log off individual sessions using either the name option or the index option, followed by the username or the session index number:
vpn-sessiondb logoff name name
vpn-sessiondb logoff index index
For example, to log off the user named tester, enter the following command:
hostname# vpn-sessiondb logoff name tester
Do you want to logoff the VPN session(s)? [confirm]
Cisco AnyConnect VPN Client Administrator Guide
9-3
OL-12950-012
