Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nickel

Log out designated RA VPN users

Jump to solution

Good day everyone.

I am looking for advise on the best way to force designated RA User VPN users off of VPN.

The requirement is to force the user offline in such a way that they would have to authenticate again to (or not to) gain VPN access again.

In this use case the backend authentication is completed via AD.  In testing disabling the user AD account does not automatically disconnect their VPN session.

Thoughts?

 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Admin
Admin
You can use RAsession_util (a CLI-based tool) for this.
However, it is OFF by default and requires a cprestart in order to activate it.

View solution in original post

0 Kudos
2 Replies
Highlighted
Admin
Admin
You can use RAsession_util (a CLI-based tool) for this.
However, it is OFF by default and requires a cprestart in order to activate it.

View solution in original post

0 Kudos
Highlighted
Platinum

1. Find user's source IP of his/her workstation

2. Go to the gateway where the user is connected and needs to be disconnected

3. Issue command "vpn tu"

4. Delete all IPsec+IKE SAs for a given User (Client)

5. Repeat steps 2-4 for all relevant gateways

6. User is disconnected from all desired gateways

Kind regards,
Jozko Mrkvicka
0 Kudos