Can the ASA log when Cisco client VPNs log on/log off?

Unanswered Question
Apr 14th, 2008

Hi, I'm moving my IPSec VPNs from my Cisco Concentrator to my ASA 5520. I log (to a syslog server) users that log on and log off; how can I do this on the ASA?


I have all traffic from my ASA logged via syslog, then I filter in my syslog server what I want to see:-

logging enable

logging buffer-size 14096

logging buffered debugging

logging trap debugging

logging facility ##(used by my syslog server to filter)

logging host <> <>

My syslog sees:-

%ASA-6-602304: IPSEC: An inbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been created.

%ASA-6-602304: IPSEC: An outbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been deleted.

HTH
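One way to do the syslog-server-side filtering described in the answer above, as an added Python example that is not part of the original posts and is not Cisco code. It assumes the message text quoted in the post; the sample lines, host name, user names and the rule that a user counts as connected while at least one SA is up are assumptions.

```python
import re
from collections import Counter

# Matches the message text quoted in the post above; any syslog header in
# front of "%ASA-" (timestamp, host) is ignored, as is the message ID value.
SA_EVENT = re.compile(
    r"%ASA-\d-(?P<msgid>\d+): IPSEC: An (?P<direction>inbound|outbound) "
    r"remote access SA between (?P<a>\S+) and (?P<b>\S+) "
    r"\(user=\s*(?P<user>[^)]+?)\s*\) has been (?P<action>created|deleted)\."
)

def parse_line(line):
    """Return a dict for a remote-access SA event, or None for any other line."""
    m = SA_EVENT.search(line)
    return m.groupdict() if m else None

def session_events(lines):
    """Collapse per-SA messages into one logon/logoff event per user session.

    Assumption: a user counts as connected while at least one SA is up, so
    the inbound/outbound pair and overlapping SAs do not produce duplicates.
    """
    active = Counter()
    events = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # everything else in the debug-level feed is dropped
        user = ev["user"]
        if ev["action"] == "created":
            active[user] += 1
            if active[user] == 1:
                events.append(("logon", user))
        elif active[user] > 0:  # ignore a delete with no matching create
            active[user] -= 1
            if active[user] == 0:
                events.append(("logoff", user))
    return events

# Constructed sample lines (documentation addresses, made-up users and host).
SAMPLE = [
    "Apr 16 09:00:01 asa1 %ASA-6-602304: IPSEC: An inbound remote access SA between 192.0.2.1 and 198.51.100.7 (user= alice) has been created.",
    "Apr 16 09:00:01 asa1 %ASA-6-602304: IPSEC: An outbound remote access SA between 192.0.2.1 and 198.51.100.7 (user= alice) has been created.",
    "Apr 16 09:00:05 asa1 %ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/443",
    "Apr 16 09:02:10 asa1 %ASA-6-602304: IPSEC: An inbound remote access SA between 192.0.2.1 and 198.51.100.9 (user= bob) has been created.",
    "Apr 16 17:30:00 asa1 %ASA-6-602304: IPSEC: An inbound remote access SA between 192.0.2.1 and 198.51.100.7 (user= alice) has been deleted.",
    "Apr 16 17:30:00 asa1 %ASA-6-602304: IPSEC: An outbound remote access SA between 192.0.2.1 and 198.51.100.7 (user= alice) has been deleted.",
    "Apr 16 17:31:00 asa1 %ASA-6-602304: IPSEC: An outbound remote access SA between 192.0.2.1 and 198.51.100.8 (user= carol) has been deleted.",
]
```

Calling `session_events(SAMPLE)` yields one logon for alice, one for bob, and one logoff for alice; bob is still connected and carol's orphan delete is ignored.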

whiteford Wed, 04/16/2008 - 00:32

Thanks, does having the ASA set to full debug mode put strain on the ASA? There must be millions of logs coming in?

We run a pair of ASA5540s (1gb mem, 256mb flash); we have 60 L2L VPN tunnels terminated, and a min of 100 Remote Access VPNs daily. We run the L2L with 3DES, and the Remote VPN with AES. At peak times, the CPU creeps up to 5% and memory is 90% free. Having them run the traps and logs in debug mode does not affect our ASAs.

Depending on the models you have - you might want to test the trap levels first and see the impact.

HTH
