Finding VPN on our network

Let me start off with our IS department does have some issues.

Our IS manager is a software engineer, and doesn't really know much about hardware. Our techs have the most hardware experience, but we have holes in our training.

This is our issue:
We have a Cisco 3000 VPN Concentrator, its up and working. We have a guy that connects to our server often.

Our network is on a domain, running on Server 2003.

How can I find out the IP address of the device???

Thanks for the help,

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

networker050184

What is the address the user connects to?

RTmarc

If you are looking for the internal IP address connect a console cable and look at the configuration.

Howling Monkey

I don't know, I've been here for two years and have never met or talked to him. He's the consultant our company uses when things get bad.

Is their a command that lists IP and description on a network. I tried arp -a, but only listed IP addresses.

rsutton

You could download a port scanner and look for a device with the VPN ports open on your network.

instant000

Howling Monkey wrote: »

Let me start off with our IS department does have some issues.

Our IS manager is a software engineer, and doesn't really know much about hardware. Our techs have the most hardware experience, but we have holes in our training.

This is our issue:
We have a Cisco 3000 VPN Concentrator, its up and working. We have a guy that connects to our server often.

Our network is on a domain, running on Server 2003.

How can I find out the IP address of the device???

Thanks for the help,

Which device? the VPN concentrator? or the remote user's IP?

If the device is neighbored by a Cisco device that is running CDP (and the concentrator is also) you can use something like "sh cdp entry * protocols" to get the information you need. You would have to be able to logon to the neighboring device.

As a previous poster said, to get the IP address of the VPN concentrator, it should be as simple as connecting a console cable to the device, and checking the configuration.

But, if you don't know the IP, you probably don't know the password either. Welcome to password recovery:

Password Recovery Procedure for the Cisco VPN 3000 Series [Cisco VPN 3000 Series Concentrators] - Cisco Systems

=========

If you can logon to the concentrator, you can get in there, and view what IP they came from, as well as what account they logged in with.

In this case, you'd be well-served to just look at the guides for using the product. (I cannot remember the step-by-step off the top of my head, so sue me

)

Cisco VPN 3000 Series Concentrators Maintain and Operate Guides - Cisco Systems

====================

Common things to check in this scenario:
1. Are other users able to VPN just fine? (make sure there's nothing wrong with the VPN setup, can test this with a test account.)
2. User account expiration (we had all contractor accounts to expire on a certain date, good safety measure, so even if you forgot about it, it would cease being usable on a certain date)
3. User account locked (is the account locked?)
4. User account disabled (is the account disabled?)
5. Does the user have an internet connection? (Don't laugh, you KNOW this happens. Some people think it's supposed to work automatically.)
6. VPN Client configuration (make sure the user's setup is correct, according to your documentation)
7. Go to the session tab on the concentrator, see if you can see the user connecting.