Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to check and remove/disconnect users connected to Dynamic VPN

0

0

Article ID: KB27298 KB Last Updated: 20 Aug 2018Version: 3.0
Summary:

This article explains the procedure to check the details of the users connected to Dynamic VPN and tells how to disconnect them if required.

Symptoms:

On occasion, it may be necessary to know the details of the users connected to the Dynamic VPN, or disconnect one or all users connected to the Dynamic VPN.

Example:

A possible scenario would be where a system with 5 licenses for dynamic VPN with all five licenses in use, and a additional user needs to be connected through the Dynamic VPN. In this example scenario, check the details of the users who are connected and remove one or a few of them to free up the licenses so that new users can connect.
 
Solution:

To check the details of the users connected to the Dynamic VPN, we can use the following command:


user@host> show security dynamic-vpn users ?
Possible completions:
<[Enter]>             Execute this command
detail                   Display detailed user connection information (default)
terse                    Display terse output
|                        Pipe through a command

Given below are the sample outputs of this command:

user@host> show security dynamic-vpn users User: john , User group: group-one , Number of connections: 1 Remote IP: 22.34.54.2 IPSEC VPN: dyn_vpn2 IKE gateway: gw1 IKE ID : johngw1.juniper.net IKE Lifetime: 72000 IPSEC Lifetime: 3600 Status: CONNECTED

user@host> show security dynamic-vpn users terse
User     User          Remote    IKE         Status    IKE        IPSEC        Client     Time
        Groups           IP       ID                  Lifetime   Lifetime      Config   Established
                                                                                Name
john   group-one   22.34.54.2   johngw1.   CONNECTED    72000      3600        group         Thu 
                                juniper.                                                    Apr 18 10:
                                  net                                                       26:39 2013

Once we have the detailed information about the users, we can disconnect one/all of them as per our requirement. For this purpose, the following commands can be used:


user@host> clear security dynamic-vpn ?
Possible completions:
all             Clear all dynamic VPN user connections
user            Clear Dynamic VPN user connection with specified username

This command clears the dynamic VPN user connection for the specified username.

Syntax:

user@host> clear security dynamic-vpn user <username> ike-id <ike-id>

Below are the sample outputs of this command:

user@host> clear security dynamic-vpn user john ike-id johngw1.juniper.net
Connection entry for user john has been cleared





 
Modification History:

2018-08-20: Minor, non-technical updates.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search