cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1049
Views
4
Helpful
5
Replies

Logging VPN connections

haroon.shaikh
Level 1
Level 1

Greetings All,

I have a customer who wishes to log all VPN user activity on their ASA5510 so he can look back and see who was using a VPN connection on a particular day.

I can see in the ASDM how you can see real time, who is on but do you know what logging command I need to use to log this activity for reference so that it can be viewed at a later date?

Thanks

5 Replies 5

jmia
Level 7
Level 7

Hello Haroon,

You can check the following document to setup VPN client authentication using M$ IAS/RADIUS. Works very well for my customer...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

Hope it helps and please rate posts if it does!!

Cheers // Jay

Thanks Jay,

But my issue is that VPN users are already authenticated locally. My only requirement is that I want ASA to send syslogs of the connections made by VPN clients.

i.e. Everytime a VPN client logs in, ASA should send a syslog to syslog server.

Thanks,

My firewall logs this as %ASA-7-713052.

May 3 09:31:37 xxxfrwxxx %ASA-7-713052: Group = xxx, Username = xxx, IP = aaa.bbb.ccc.ddd, User (xxx) authenticated.

This is just one of many log messages that I see upon authentication.

Can you tell me how is it configured?

Thanks

Logging is configured pretty verbose.

logging enable

logging timestamp

logging standby

logging console debugging

logging monitor debugging

logging buffered debugging

logging trap debugging

logging history debugging

logging asdm debugging

logging facility 21

logging host inside aaa.bbb.ccc.ddd

logging host inside aaa.bbb.ccc.eee

no logging message 710005

no logging message 710003

Here's the failure message btw.

May 3 17:46:02 xxxfrwxxx %ASA-3-713167: Group = xxx, Username = xxx, IP = aaa.bbb.ccc.ddd, Remote peer has failed user authentication - check configured username and password

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: