05-08-2007 07:29 PM - edited 03-11-2019 03:11 AM
Greetings All,
I have a customer who wishes to log all VPN user activity on their ASA5510 so he can look back and see who was using a VPN connection on a particular day.
I can see in the ASDM how you can see, in real time, who is on, but do you know what logging command I need to use to log this activity for reference so that it can be viewed at a later date?
Thanks
05-08-2007 09:29 PM
Hello Haroon,
You can check the following document to set up VPN client authentication using M$ IAS/RADIUS. Works very well for my customer...
Hope it helps and please rate posts if it does!!
Cheers // Jay
05-09-2007 12:37 PM
Thanks Jay,
But my issue is that VPN users are already authenticated locally. My only requirement is that I want ASA to send syslogs of the connections made by VPN clients.
i.e. Every time a VPN client logs in, ASA should send a syslog to syslog server.
Thanks,
05-09-2007 12:54 PM
My firewall logs this as %ASA-7-713052.
May 3 09:31:37 xxxfrwxxx %ASA-7-713052: Group = xxx, Username = xxx, IP = aaa.bbb.ccc.ddd, User (xxx) authenticated.
This is just one of many log messages that I see upon authentication.
05-09-2007 12:57 PM
Can you tell me how it is configured?
Thanks
05-09-2007 01:17 PM
Logging is configured pretty verbose.
logging enable
logging timestamp
logging standby
logging console debugging
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm debugging
logging facility 21
logging host inside aaa.bbb.ccc.ddd
logging host inside aaa.bbb.ccc.eee
no logging message 710005
no logging message 710003
Here's the failure message btw.
May 3 17:46:02 xxxfrwxxx %ASA-3-713167: Group = xxx, Username = xxx, IP = aaa.bbb.ccc.ddd, Remote peer has failed user authentication - check configured username and password
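To answer the original question (who used the VPN on a given day) from the stored syslog, the two message types quoted in this thread can be parsed into a per-day report. This is an added example, not code from any poster in the thread; the hostname, group, usernames and addresses in the sample lines are constructed.

```python
import re
from collections import defaultdict

# Message IDs quoted in the thread. 713052 appears there at severity 7, so it
# reaches the syslog server only while the trap level is "debugging".
EVENTS = {"713052": "success", "713167": "failure"}

LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<host>\S+)\s+%ASA-\d-(?P<msgid>\d{6}):\s+"
    r"Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), IP = (?P<ip>[^,\s]+),"
)

def parse_line(line):
    """Return one VPN authentication event as a dict, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if m is None or m["msgid"] not in EVENTS:
        return None
    return {
        "date": f"{m['month']} {int(m['day'])}",
        "time": m["time"],
        "outcome": EVENTS[m["msgid"]],
        "group": m["group"].strip(),
        "user": m["user"].strip(),
        "ip": m["ip"],
    }

def daily_report(lines):
    """Map date -> outcome -> [(time, user, ip), ...] sorted by time."""
    report = defaultdict(lambda: defaultdict(list))
    for line in lines:
        event = parse_line(line)
        if event:
            report[event["date"]][event["outcome"]].append(
                (event["time"], event["user"], event["ip"]))
    return {d: {o: sorted(v) for o, v in by.items()} for d, by in report.items()}

# Constructed sample lines (not from a real device), in the thread's format.
SAMPLE = [
    "May 3 09:31:37 fw01 %ASA-7-713052: Group = staff, Username = alice, IP = 203.0.113.10, User (alice) authenticated.",
    "May 3 17:46:02 fw01 %ASA-3-713167: Group = staff, Username = bob, IP = 203.0.113.20, Remote peer has failed user authentication - check configured username and password",
    "May 4 08:02:11 fw01 %ASA-7-713052: Group = staff, Username = bob, IP = 203.0.113.20, User (bob) authenticated.",
    "May 4 08:02:12 fw01 %ASA-6-302013: Built inbound TCP connection (unrelated line)",
]

if __name__ == "__main__":
    for date, outcomes in daily_report(SAMPLE).items():
        print(date, outcomes)
```

The timestamps in this format carry no year, so reports that span a year boundary need the year taken from the syslog server's file name or rotation date.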