Info on the ancient, but ubiquitous, Cisco ASA.
show resource usage resource ssh
show ssh sessions ssh disconnect 3
sh vpn-sessiondb anyconnect filter name USERNAME vpn-sessiondb logoff name USERNAME
To block inbound traffic that would flow through the firewall…
access-list OUTSIDE_INBOUND extended deny ip host 192.0.2.99 any log access-list OUTSIDE_INBOUND extended permit ip any any access-group OUTSIDE_INBOUND in interface outside
To block inbound traffic that the firewall would respond to…
access-list CP_OUTSIDE_INBOUND extended deny ip host 192.0.2.99 any log access-list CP_OUTSIDE_INBOUND extended permit ip any any no access-group CP_OUTSIDE_INBOUND in interface outside control-plane
The upper one will not block someone trying to login to AnyConnect while the lower one will.