Monitoring VPN Client Connections

Unanswered Question
Aug 30th, 2007
User Badges:

Is there a way to get a PIX to log what vpngroup is used when creating a VPN connection? Syslog is recording PIX-4-602301 when the SA is created but it doesn't say which group was used. I could even get what I needed if I knew what IP address the PIX issued. I changed the logging level to informational and while I get more information it's still not what I need. Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
s-doyle Wed, 09/05/2007 - 13:57
User Badges:

show vpngroup [group_name] helps you find the group name on the PIX.

bretcollins Thu, 09/06/2007 - 06:31
User Badges:

I know what my vpngroup names are, I want them to be recorded in syslog messages.

Here is an example

%PIX-4-602301: sa created, (sa) sa_dest= 12.227.x.x, sa_prot= 50, sa_spi= 0x9133272c(2436048684), sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 17

I know that is me connecting to the PIX, but only because I know that is my address. If I didn't know whose address (12.227.x.x) belonged to, I would have no way to find out which vpngroup was used. I am looking for a way to say 'vendor x logged into the VPN at date/time and was on for y minutes'. All I have now is that someone logged in at date/time and connected for y minutes, but I don't which vendor it was.


This Discussion